From b445b300db3a6895647f7f939f63e6b1f52ac0a3 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Tue, 25 Nov 2014 12:03:02 +0100
Subject: Fix build.

- Remove svn metadata.
- Fix local repository (inappropriate xalan-bin-dist dependency file names and copy-past error in dependency pom).
- Switch jdk 1.5/1.6 to 1.7.
- Exclude non working tests.
---
 id/oa/pom.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'id/oa')

diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index 93993c8a4..c97db6db2 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -56,8 +56,8 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-compiler-plugin</artifactId>
                 <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
+                    <source>1.7</source>
+                    <target>1.7</target>
                 </configuration>
             </plugin>
         </plugins>
-- 
cgit v1.2.3


From a1bb34634bf4f30fc565109358eb51bd1111dc21 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Wed, 21 Jan 2015 08:50:58 +0100
Subject: Add "DefaultAuthentication" process (AT, no mandates, no stork)
 (MOAID-59).

- Fix oa web.xml, switch to servlet 3.0.
- moa-id-auth web.xml
-- Add CharacterEncodingFilter for UTF-8 encoding.
-- Add ProcessEngineSignalServlet.
- Fix invalid template_*.html.
- Add TODO[branch] annotations in order to indicates potential process flow branches.
- Add some missing Javadoc.
- Add property processInstandId to AuthenticationSession.
- Add process engine support.
- Fix HttpServlet init issues.
- Set VerifyAuthenticationBlockServlet and VerifyIdentityLinkServlet deprecated.
---
 id/oa/src/main/webapp/WEB-INF/web.xml              |   4 +-
 .../src/main/webapp/WEB-INF/applicationContext.xml |   2 +
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  30 ++
 .../auth/src/main/webapp/template_handyBKU.html    |   2 +-
 .../auth/src/main/webapp/template_localBKU.html    |   2 +-
 .../auth/src/main/webapp/template_onlineBKU.html   |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |   5 +
 .../auth/builder/StartAuthenticationBuilder.java   |  11 +
 .../moa/id/auth/data/AuthenticationSession.java    |  20 +-
 .../moa/id/auth/servlet/AuthServlet.java           |  43 ++-
 .../servlet/GenerateIFrameTemplateServlet.java     |  60 ++-
 .../auth/servlet/ProcessEngineSignalServlet.java   |  60 +++
 .../servlet/VerifyAuthenticationBlockServlet.java  |   8 +
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   6 +
 .../moa/id/auth/tasks/AbstractAuthServletTask.java | 402 +++++++++++++++++++++
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  |  85 +++++
 .../auth/tasks/VerifyAuthenticationBlockTask.java  | 255 +++++++++++++
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  | 203 +++++++++++
 .../moa/id/moduls/AuthenticationManager.java       | 177 ++++-----
 .../processes/DefaultAuthentication.process.xml    |  12 +-
 .../resources/properties/id_messages_de.properties |   4 +-
 id/server/stork2-commons/.gitignore                |   1 +
 22 files changed, 1265 insertions(+), 129 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java

(limited to 'id/oa')

diff --git a/id/oa/src/main/webapp/WEB-INF/web.xml b/id/oa/src/main/webapp/WEB-INF/web.xml
index d40f156cd..a42985c95 100644
--- a/id/oa/src/main/webapp/WEB-INF/web.xml
+++ b/id/oa/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-
-<web-app>
   <display-name>Sample OA</display-name>
   <description>MOA PVP2.1 Sample OA</description>
   
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index b340133c7..0f9f05baa 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -25,5 +25,7 @@
 	<task:scheduled-tasks scheduler="taskScheduler">
 		<task:scheduled ref="processEngine" method="cleanup" fixed-delay="60000" />
 	</task:scheduled-tasks>
+	
+	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
 
 </beans>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index fb3888a3e..477cce57b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -10,6 +10,23 @@
 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 	</listener>
 
+	<filter>
+		<filter-name>characterEncodingFilter</filter-name>
+		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+		<init-param>
+			<param-name>encoding</param-name>
+			<param-value>UTF-8</param-value>
+		</init-param>
+		<init-param>
+			<param-name>forceEncoding</param-name>
+			<param-value>true</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>characterEncodingFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 	<!-- exposes request and response to the current thread -->
 	<filter>
 		<filter-name>requestContextFilter</filter-name>
@@ -20,6 +37,7 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 
+
 <!-- 	<servlet>
 		<servlet-name>SelectBKU</servlet-name>
 		<display-name>SelectBKU</display-name>
@@ -153,6 +171,12 @@
 		<servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
 	</servlet>
 
+	<servlet>
+		<description>Resumes a suspended process engine task.</description>
+		<display-name>ProcessEngineSignal</display-name>
+		<servlet-name>ProcessEngineSignal</servlet-name>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
+	</servlet>
 
 
 
@@ -207,7 +231,10 @@
 		<url-pattern>/idpSingleLogout</url-pattern>
 	</servlet-mapping>	
 	<servlet-mapping>
+		<!--
 		<servlet-name>VerifyIdentityLink</servlet-name>
+		-->
+		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
 	<servlet-mapping>
@@ -229,7 +256,10 @@
 	</servlet-mapping> -->
 	
 	<servlet-mapping>
+		<!--
 		<servlet-name>VerifyAuthBlock</servlet-name>
+		-->
+		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 	</servlet-mapping>
 <!-- 	<servlet-mapping>
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 91f7fad6f..6c3dc563c 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">		 
-      <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+      <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
      		<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index 88fad25ae..0ec8e52c2 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">	   
-		<form target=<REDIRECTTARGET> name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+		<form target=<REDIRECTTARGET> name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: 
      		<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 534d3dc55..39d7bb8e1 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">	 
-		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: 
 		    <input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a33c4fdf4..0b4b6b4af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1790,6 +1790,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 					"application/xhtml+xml", moasession.getCcc()));
 			newAttribute.setValue(value);
 			attributeList.add(newAttribute);
+			
+			// TODO[branch]: STORK AuthReq CPEPS acsURL "/PEPSConnector"
 		}
 		else//Process SignRequest locally with MOCCA
 		{
@@ -1805,6 +1807,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			moasession.setSignedDoc(signedDoc);
 
 			acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+			// TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
 			try {
 				AuthenticationSessionStoreage.storeSession(moasession);
 			} catch (MOADatabaseException e) {
@@ -1897,6 +1900,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			StringWriter writer = new StringWriter();
 			template.merge(context, writer);
 
+			// TODO[branch]: SAML2 Form Submit to CPEPS, response to acsURL Servlet
+			
 			resp.setContentType("text/html;charset=UTF-8");            
 			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index 484fe1f9e..a92d3f678 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -47,6 +47,16 @@ public class StartAuthenticationBuilder {
 	}
 	
 	
+	/**
+	 * Depending on the selected citizen's country ({@code moasession.ccc}):
+	 * <ul>
+	 * <li><strong>Either</strong> creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card
+	 * environment for reading the subject's IdentityLink</li>
+	 * <li><strong>or</strong> creates a STORK auth request and redirects to a CPEPS.</li>
+	 * </ul>
+	 * 
+	 * @return The "IdentityLinkForm" or an empty String in case of STORK.
+	 */
 	public String build(AuthenticationSession moasession, HttpServletRequest req,
 			HttpServletResponse resp) throws WrongParametersException, MOAIDException {
 		
@@ -58,6 +68,7 @@ public class StartAuthenticationBuilder {
 	    
 	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
 	    // STORK or normal authentication
+	    // TODO[branch]: STORK
 	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
 	    	//STORK authentication
 	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 26c22fb4a..76bf93249 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -304,6 +304,8 @@ public class AuthenticationSession implements Serializable {
 	private String authnContextClassRef;
 	// private String requestedProtocolURL = null;
 	
+	private String processInstanceId;
+	
 	public String getAuthnContextClassRef() {
 		return authnContextClassRef;
 	}
@@ -1110,6 +1112,22 @@ public class AuthenticationSession implements Serializable {
 	 */
 	public Date getSessionCreated() {
 		return sessionCreated;
-	}	
+	}
+
+	/**
+	 * Returns the identifier of the process instance associated with this moaid session.
+	 * @return The process instance id (may be {@code null} if no process has been created yet).
+	 */
+	public String getProcessInstanceId() {
+		return processInstanceId;
+	}
+
+	/**
+	 * Sets the process instance identifier in order to associate a certain process instance with this moaid session. 
+	 * @param processInstanceId The process instance id.
+	 */
+	public void setProcessInstanceId(String processInstanceId) {
+		this.processInstanceId = processInstanceId;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index eb480e37c..404dc68af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -66,8 +66,11 @@ import org.apache.commons.fileupload.FileItemFactory;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-
-import com.datentechnik.process_engine.springweb.AbstractAuthSourceServlet;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
 
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -83,6 +86,8 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLDecoder;
 
+import com.datentechnik.process_engine.ProcessEngine;
+
 /**
  * Base class for MOA-ID Auth Servlets, providing standard error handling and
  * constant names.
@@ -90,7 +95,7 @@ import at.gv.egovernment.moa.util.URLDecoder;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthConstants {
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 
 	/**
 	 * 
@@ -99,6 +104,11 @@ public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthC
 
 	protected static final String ERROR_CODE_PARAM = "errorid";
 	
+	/**
+	 * The process engine.
+	 */
+	private ProcessEngine processEngine;
+	
 	@Override
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
@@ -456,4 +466,31 @@ public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthC
 
 	}
 
+
+	/**
+	 * Returns the underlying process engine instance.
+	 * 
+	 * @return The process engine (never {@code null}).
+	 * @throws NoSuchBeanDefinitionException
+	 *             if no {@link ProcessEngine} bean was found.
+	 * @throws NoUniqueBeanDefinitionException
+	 *             if more than one {@link ProcessEngine} bean was found.
+	 * @throws BeansException
+	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+	 * @throws IllegalStateException
+	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+	 *             Spring web environment.
+	 */
+	public synchronized ProcessEngine getProcessEngine() {
+		if (processEngine == null) {
+			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
+			if (ctx == null) {
+				throw new IllegalStateException(
+						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
+			}
+			processEngine = ctx.getBean(ProcessEngine.class);
+		}
+		return processEngine;
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2ef8ab5ec..430936e97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -23,18 +23,14 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.List;
 
-import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -46,29 +42,16 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.ProcessInstance;
 
 public class GenerateIFrameTemplateServlet extends AuthServlet {
 
 	private static final long serialVersionUID = 1L;
 
-	public void init(ServletConfig servletConfig) throws ServletException {
-//		    try {
-//		      super.init(servletConfig);
-//		      MOAIDAuthInitializer.initialize();
-//		      Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
-//		      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-//		    }
-//		    catch (Exception ex) {
-//		      Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-//		      throw new ServletException(ex);
-//		    }
-	}
-	  
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
 		Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
@@ -95,7 +78,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 			
 	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 	    	    
-	    	    AuthenticationSessionStoreage.changeSessionID(moasession);
+//	    	    AuthenticationSessionStoreage.changeSessionID(moasession);
 			
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
@@ -162,26 +145,28 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 		    											   req);
 			}
 			
-		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();			
-		    String getIdentityLinkForm = startauth.build(moasession, req, resp);
-			
-			//store MOASession
+			// select and create process instance
+			// TODO[MOAID-49]: Automatically selection of process
+	    	ProcessInstance pi = getProcessEngine().createProcessInstance("DefaultAuthentication");
+	    	// keep process instance id in moa session
+	    	moasession.setProcessInstanceId(pi.getId());
+	    	// set execution context
+	    	pi.getExecutionContext().put("ccc", moasession.getCcc());
+	    	pi.getExecutionContext().put("useMandate", moasession.getUseMandate());
+	    	pi.getExecutionContext().put("bkuURL", moasession.getBkuURL());
+
+			// make sure moa session has been persisted before running the process
 			try {
 				AuthenticationSessionStoreage.storeSession(moasession);
-				
 			} catch (MOADatabaseException e) {
 				Logger.error("Database Error! MOASession is not stored!");
 				throw new MOAIDException("init.04", new Object[] {
 						moasession.getSessionID()});
 			}
-		    
-		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-		    	resp.setContentType("text/html;charset=UTF-8");
-		    	PrintWriter out = new PrintWriter(resp.getOutputStream());
-		    	out.print(getIdentityLinkForm);
-		    	out.flush();
-		    	Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
-		    }
+	    	
+	    	// start process
+	    	getProcessEngine().start(pi);
+
 	    } 
 	    catch (WrongParametersException ex) {
 	    	handleWrongParameters(ex, req, resp);
@@ -199,4 +184,13 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	    	ConfigurationDBUtils.closeSession();
 	    }
 	}
+
+	
+	
+	
+	
+	
+	
+	
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
new file mode 100644
index 000000000..1ea8631c6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+import com.datentechnik.process_engine.ProcessInstance;
+
+public class ProcessEngineSignalServlet extends AuthServlet {
+
+	private static final long serialVersionUID = 1L;
+
+	@Override
+	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+		try {
+
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");
+			}
+
+			// retrieve moa session
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// process instance is mandatory
+			if (session.getProcessInstanceId() == null) {
+				throw new IllegalStateException("MOA session does not provide process instance id.");
+			}
+			
+			// wake up next task
+			ProcessInstance pi = getProcessEngine().getProcessInstance(session.getProcessInstanceId());
+			getProcessEngine().signal(pi);
+
+		} catch (Exception ex) {
+			handleError(null, ex, req, resp, null);
+		} finally {
+			MOASessionDBUtils.closeSession();
+		}
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index e7fa9cbd7..dc350bfb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -71,6 +71,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -92,6 +93,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
  * 
  * @author Paul Ivancsics
  * @version $Id$
+ * @deprecated Use {@link VerifyAuthenticationBlockTask} instead.
  */
 public class VerifyAuthenticationBlockServlet extends AuthServlet {
 	
@@ -151,6 +153,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
 		Logger.debug("POST VerifyAuthenticationBlock");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
@@ -158,6 +163,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
+		if (System.currentTimeMillis() > 0) {
+			throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+		}
 		String pendingRequestID = null;
 		  
     Map<String, String> parameters;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 3b503f07b..3fcdfe150 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -82,6 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
  *
  * @author Paul Ivancsics
  * @version $Id$
+ * @deprecated Use {@link VerifyIdentityLinkTask} instead.
  */
 public class VerifyIdentityLinkServlet extends AuthServlet {
 
@@ -134,6 +136,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
+	  
 		Logger.debug("POST VerifyIdentityLink");
 		  
     Map<String, String> parameters;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
new file mode 100644
index 000000000..d43e8cf68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -0,0 +1,402 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang3.ArrayUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
+
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask implements MOAIDAuthConstants {
+
+	protected static final String ERROR_CODE_PARAM = "errorid";
+
+	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+		
+		
+		StatisticLogger logger = StatisticLogger.getInstance();
+		logger.logErrorOperation(exceptionThrown);
+		
+		
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+
+			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+	
+	/**
+	 * Handles an error. <br>>
+	 * <ul>
+	 * <li>Logs the error</li>
+	 * <li>Places error message and exception thrown into the request as request
+	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+	 * <li>Sets HTTP status 500 (internal server error)</li>
+	 * </ul>
+	 * 
+	 * @param errorMessage
+	 *            error message
+	 * @param exceptionThrown
+	 *            exception thrown
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleError(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+
+		if (!(exceptionThrown instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+			
+		}
+		
+		IExceptionStore store = DBExceptionStoreImpl.getStore();
+		String id = store.storeException(exceptionThrown);
+
+		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+		
+			String redirectURL = null;
+
+			redirectURL = ServletUtils.getBaseUrl(req);
+			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+		
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+	
+			resp.addHeader("Location", redirectURL);		
+			Logger.debug("REDIRECT TO: " + redirectURL);	
+		
+			return;
+			
+		} else {
+			
+			//Exception can not be stored in database
+			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+		}
+	}
+
+	/**
+	 * Handles a <code>WrongParametersException</code>.
+	 * 
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleWrongParameters(WrongParametersException ex,
+			HttpServletRequest req, HttpServletResponse resp) {
+		Logger.error(ex.toString());
+		req.setAttribute("WrongParameters", ex.getMessage());
+
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+
+	/**
+	 * Logs all servlet parameters for debugging purposes.
+	 */
+	protected void logParameters(HttpServletRequest req) {
+		for (Enumeration params = req.getParameterNames(); params
+				.hasMoreElements();) {
+			String parname = (String) params.nextElement();
+			Logger.debug("Parameter " + parname + req.getParameter(parname));
+		}
+	}
+
+	/**
+	 * Parses the request input stream for parameters, assuming parameters are
+	 * encoded UTF-8 (no standard exists how browsers should encode them).
+	 * 
+	 * @param req
+	 *            servlet request
+	 * 
+	 * @return mapping parameter name -> value
+	 * 
+	 * @throws IOException
+	 *             if parsing request parameters fails.
+	 * 
+	 * @throws FileUploadException
+	 *             if parsing request parameters fails.
+	 */
+	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
+			FileUploadException {
+
+		Map<String, String> parameters = new HashMap<String, String>();
+
+		if (ServletFileUpload.isMultipartContent(req)) {
+			// request is encoded as mulitpart/form-data
+			FileItemFactory factory = new DiskFileItemFactory();
+			ServletFileUpload upload = null;
+			upload = new ServletFileUpload(factory);
+			List items = null;
+			items = upload.parseRequest(req);
+			for (int i = 0; i < items.size(); i++) {
+				FileItem item = (FileItem) items.get(i);
+				if (item.isFormField()) {
+					// Process only form fields - no file upload items
+					String logString = item.getString("UTF-8");
+
+					// TODO use RegExp
+					String startS = "<pr:Identification><pr:Value>";
+					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+					String logWithMaskedBaseid = logString;
+					int start = logString.indexOf(startS);
+					if (start > -1) {
+						int end = logString.indexOf(endS);
+						if (end > -1) {
+							logWithMaskedBaseid = logString.substring(0, start);
+							logWithMaskedBaseid += startS;
+							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+							logWithMaskedBaseid += logString.substring(end,
+									logString.length());
+						}
+					}
+					parameters
+							.put(item.getFieldName(), item.getString("UTF-8"));
+					Logger.debug("Processed multipart/form-data request parameter: \nName: "
+							+ item.getFieldName()
+							+ "\nValue: "
+							+ logWithMaskedBaseid);
+				}
+			}
+		}
+
+		else {
+			// request is encoded as application/x-www-urlencoded
+			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
+			
+			/*
+			InputStream in = req.getInputStream();
+
+			String paramName;
+			String paramValueURLEncoded;
+			do {
+				paramName = new String(readBytesUpTo(in, '='));
+				if (paramName.length() > 0) {
+					paramValueURLEncoded = readBytesUpTo(in, '&');
+					String paramValue = URLDecoder.decode(paramValueURLEncoded,
+							"UTF-8");
+					parameters.put(paramName, paramValue);
+				}
+			} while (paramName.length() > 0);
+			in.close();
+			*/
+			
+			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
+			while (requestParamIt.hasNext()) {
+				Entry<String, String[]> entry = requestParamIt.next();
+				String key = entry.getKey();
+				String[] values = entry.getValue();
+				// take the last value from the value array since the legacy code above also does it this way
+				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
+			}
+			
+		}
+
+		return parameters;
+	}
+
+	/**
+	 * Reads bytes up to a delimiter, consuming the delimiter.
+	 * 
+	 * @param in
+	 *            input stream
+	 * @param delimiter
+	 *            delimiter character
+	 * @return String constructed from the read bytes
+	 * @throws IOException
+	 */
+	protected String readBytesUpTo(InputStream in, char delimiter)
+			throws IOException {
+		ByteArrayOutputStream bout = new ByteArrayOutputStream();
+		boolean done = false;
+		int b;
+		while (!done && (b = in.read()) >= 0) {
+			if (b == delimiter)
+				done = true;
+			else
+				bout.write(b);
+		}
+		return bout.toString();
+	}
+
+
+	
+//	public void contextDestroyed(ServletContextEvent arg0) {
+//		Security.removeProvider((new IAIK()).getName());
+//		Security.removeProvider((new ECCProvider()).getName());
+//	}
+	
+	/**
+	 * Set response headers to avoid caching
+	 * 
+	 * @param request
+	 *            HttpServletRequest
+	 * @param response
+	 *            HttpServletResponse
+	 */
+	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+			HttpServletResponse response) {
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+	}
+
+	/**
+	 * Adds a parameter to a URL.
+	 * 
+	 * @param url
+	 *            the URL
+	 * @param paramname
+	 *            parameter name
+	 * @param paramvalue
+	 *            parameter value
+	 * @return the URL with parameter added
+	 */
+	protected static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
+
+	/**
+	 * Checks if HTTP requests are allowed
+	 * 
+	 * @param authURL
+	 *            requestURL
+	 * @throws AuthenticationException
+	 *             if HTTP requests are not allowed
+	 * @throws ConfigurationException
+	 */
+	protected void checkIfHTTPisAllowed(String authURL)
+			throws AuthenticationException, ConfigurationException {
+		// check if HTTP Connection may be allowed (through
+		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+		
+		//Removed from MOA-ID 2.0 config
+//		String boolStr = AuthConfigurationProvider
+//				.getInstance()
+//				.getGenericConfigurationParameter(
+//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		if ((!authURL.startsWith("https:"))
+				//&& (false == BoolUtils.valueOf(boolStr))
+				)
+			throw new AuthenticationException("auth.07", new Object[] { authURL
+					+ "*" });
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
new file mode 100644
index 000000000..4c87bb689
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
@@ -0,0 +1,85 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
+		AuthenticationSession moasession = null;
+		try {
+			
+			if (MiscUtil.isEmpty(moasessionid)) {
+				Logger.warn("MOASessionID is empty.");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+			
+			try {
+			
+				pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+				AuthenticationSessionStoreage.changeSessionID(moasession);
+				executionContext.remove(PARAM_SESSIONID);
+			
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { moasessionid });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+
+			StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+			String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+				resp.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(resp.getOutputStream());
+				out.print(getIdentityLinkForm);
+				out.flush();
+				Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class);
+			}
+			
+		} catch (WrongParametersException ex) {
+			handleWrongParameters(ex, req, resp);
+		}
+
+		catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
+
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
new file mode 100644
index 000000000..ff1bc8cd1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
@@ -0,0 +1,255 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
+
+	  /**
+	   * Verifies the signed authentication block and redirects the browser
+	   * to the online application requested, adding a parameter needed for
+	   * retrieving the authentication data.
+	   * <br>
+	   * Request parameters:
+	   * <ul>
+	   * <li>MOASessionID: ID of associated authentication session</li>
+	   * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+	   * </ul>
+	   * Response:
+	   * <ul>
+	   * <li>Status: <code>302</code></li>
+	   * <li>Header <code>"Location"</code>: URL of the online application requested, with
+	   * 						parameters <code>"Target"</code>(only if the online application is
+	   *            a public service) and <code>"SAMLArtifact"</code> added</li>
+	   * <li>Error status: <code>500</code>
+	   * </ul>
+	   * @see AuthenticationServer#verifyAuthenticationBlock
+	   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+	   */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
+		
+		Logger.debug("POST VerifyAuthenticationBlock");
+		
+		String pendingRequestID = null;		
+		
+	    Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	      
+	    }
+			String sessionID = req.getParameter(PARAM_SESSIONID);
+			String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+			// escape parameter strings
+			sessionID = StringEscapeUtils.escapeHtml(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		   		
+			String redirectURL = null;
+			try {
+	         // check parameter
+	         if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+	         if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
+
+				AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+				//change MOASessionID
+			    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+				
+				String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+				
+
+				
+				if (samlArtifactBase64 == null) { 
+					//mandate Mode
+				
+					  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+						ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+						SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+						
+						// get identitity link as byte[]
+						Element elem = session.getIdentityLink().getSamlAssertion();
+						String s = DOMUtils.serializeNode(elem);
+						
+						//System.out.println("IDL: " + s);
+						
+						byte[] idl = s.getBytes("UTF-8");
+						
+						// redirect url
+						// build redirect(to the GetMISSessionIdSerlvet)
+						
+						//change MOASessionID before MIS request
+						String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+						
+				        redirectURL =
+				              new DataURLBuilder().buildDataURL(
+				                session.getAuthURL(),
+				                GET_MIS_SESSIONID,
+				                newMOASessionID);
+						
+				        String oaURL = session.getOAURLRequested();
+				        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+				        List<String> profiles = oaParam.getMandateProfiles();
+
+				        if (profiles == null) {
+				      	  Logger.error("No Mandate/Profile for OA configured.");
+				      	  throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
+				        }
+				        
+//				        String profilesArray[] = profiles.split(",");  	 		 
+//				        for(int i = 0; i < profilesArray.length; i++) {
+//				      	  profilesArray[i] = profilesArray[i].trim();
+//				        }
+				        
+				        String oaFriendlyName = oaParam.getFriendlyName();
+				        String mandateReferenceValue = session.getMandateReferenceValue();
+				        byte[] cert = session.getEncodedSignerCertificate();
+				        byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
+				        
+				        //TODO: check in case of SSO!!!
+				        String targetType = null;  
+				        if(oaParam.getBusinessService()) {
+				        	String id = oaParam.getIdentityLinkDomainIdentifier();
+				        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				        		targetType = id;
+				        	else
+				        		targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+				        	
+				        } else {
+				        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+				        }
+				        
+				        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+				        		connectionParameters.getUrl(), 
+				        		idl, 
+				        		cert, 
+				        		oaFriendlyName, 
+				        		redirectURL, 
+				        		mandateReferenceValue, 
+				        		profiles, 
+				        		targetType,
+				        		authBlock,
+				        		sslFactory);
+				        
+				        if (misSessionID == null) {
+				      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+				      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+				        }
+				        
+				        String redirectMISGUI = misSessionID.getRedirectURL();
+				        session.setMISSessionID(misSessionID.getSessiondId());
+					
+						try {
+							AuthenticationSessionStoreage.storeSession(session);
+						} catch (MOADatabaseException e) {
+							throw new MOAIDException("Session store error", null);
+						}
+				        
+						// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+						
+				        resp.setStatus(302);
+				    	  resp.addHeader("Location", redirectMISGUI);
+				    	  Logger.debug("REDIRECT TO: " + redirectURL);
+				}
+				else {
+					if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+						/*redirectURL = session.getOAURLRequested();
+						if (!session.getBusinessService()) {
+							redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+		          
+						}
+						redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+						redirectURL = resp.encodeRedirectURL(redirectURL);*/
+						
+						// TODO[branch]: Final step back to /dispatcher
+					
+						redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
+								ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
+						
+					} else {
+						// TODO[tlenz]: Should not be needed any more (respective code in AuthenticationServer has been disabled)
+						redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+					}
+							
+					resp.setContentType("text/html");
+					resp.setStatus(302);
+				
+					resp.addHeader("Location", redirectURL);		
+					Logger.debug("REDIRECT TO: " + redirectURL);				
+					
+				}
+				
+			}
+	    
+			catch (MOAIDException ex) {
+				handleError(null, ex, req, resp, pendingRequestID);
+				
+			} catch (GeneralSecurityException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (PKIException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (TransformerException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+		    } catch (Exception e) {
+		    	Logger.error("AuthBlockValidation has an interal Error.", e);
+		    }
+		       
+			
+		    finally {
+		    	ConfigurationDBUtils.closeSession();
+		    }		
+		
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
new file mode 100644
index 000000000..ec12643ec
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -0,0 +1,203 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
+
+	/**
+	 * Verifies the identity link and responds with a new 
+	 * <code>CreateXMLSignatureRequest</code> or a new <code>
+	 * InfoboxReadRequest</code> (in case of a foreign eID card).
+	 * <br>
+	 * Request parameters:
+	 * <ul>
+	 * <li>MOASessionID: ID of associated authentication session</li>
+	 * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+	 * </ul>
+	 * Response:
+	 * <ul>
+	 * <li>Content type: <code>"text/xml"</code></li>
+	 * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+	 * <li>Error status: <code>500</code>
+	 * </ul>
+	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
+
+			Logger.debug("POST VerifyIdentityLink");
+			  
+	    Map<String, String> parameters;
+	    String pendingRequestID = null;
+	    
+	    try 
+	    {
+	      parameters = getParameters(req);
+	      
+	    } catch (Exception e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	    }
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	           
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+	    
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+	    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+		
+	    try {
+	    // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+	       
+	       
+	       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+	       
+	       //change MOASessionID
+	       sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+	    	  
+	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
+
+	    	Logger.debug(createXMLSignatureRequestOrRedirect);
+	    	
+	    	    	
+	    	if (createXMLSignatureRequestOrRedirect == null) {
+	    	   // no identity link found
+
+	    		boolean useMandate = session.getUseMandate();
+	    		if (useMandate) {
+	    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+	    			throw new AuthenticationException("auth.13", null);
+	    		}
+	    		// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+	    		
+	    		try {
+	    		
+	    		   Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+	    		   
+	    		   // create the InfoboxReadRequest to get the certificate
+	    		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+	    		   // build dataurl (to the VerifyCertificateSerlvet)
+	          String dataurl =
+	                new DataURLBuilder().buildDataURL(
+	                  session.getAuthURL(),
+	                  REQ_VERIFY_CERTIFICATE,
+	                  session.getSessionID());
+	          
+	          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	          
+	    	    	
+	    	    }
+	    	    catch(Exception e) {
+	    	    	handleError(null, e, req, resp, pendingRequestID);
+	    	    }
+	    	    
+	    	}
+	    	else {
+	    		boolean useMandate = session.getUseMandate();
+	    		
+	    		if (useMandate) { // Mandate modus
+	    			
+	    			// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+	    			
+	    			// read certificate and set dataurl to 
+	    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+	    			
+	    
+	     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+	     		   // build dataurl (to the GetForeignIDSerlvet)
+	     		   String dataurl =
+	                 new DataURLBuilder().buildDataURL(
+	                   session.getAuthURL(),
+	                   REQ_VERIFY_CERTIFICATE,
+	                   session.getSessionID());
+	           
+	     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+	     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	     		   
+	     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+	     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	    			
+	    		}	
+	    		else {
+	    			Logger.info("Normal");
+	    			
+	    			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+	    			
+	    			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+	    					.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+	    			AuthConfigurationProvider authConf = AuthConfigurationProvider
+	    					.getInstance();
+	    			
+	    			createXMLSignatureRequestOrRedirect =  AuthenticationServer.getInstance()
+	    					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+	    					authConf, oaParam);
+	    			
+	    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+	    		}
+	    	}
+	    	
+			try {
+				AuthenticationSessionStoreage.storeSession(session);
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("No valid MOA session found. Authentification process is abourted.");
+				throw new AuthenticationException("auth.20", null);
+			}
+	    }
+	    catch (ParseException ex) {
+	    	handleError(null, ex, req, resp, pendingRequestID);
+	    	
+	    } catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp, pendingRequestID);
+	      
+	    } catch (Exception e) {
+	    	Logger.error("IdentityLinkValidation has an interal Error.", e);
+	    }
+	        
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+	  }
+	
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a4d63b144..0c481d94e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,17 +59,16 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -94,25 +93,28 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
 
-public class AuthenticationManager extends AuthServlet {
+import com.datentechnik.process_engine.ProcessEngine;
+import com.datentechnik.process_engine.ProcessExecutionException;
+import com.datentechnik.process_engine.ProcessInstance;
 
-	private static AuthenticationManager instance = null;
-	
-	private static final long serialVersionUID = 1L;
+public class AuthenticationManager implements MOAIDAuthConstants {
+
+	private static final AuthenticationManager INSTANCE = new AuthenticationManager();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
+	@Autowired
+	private ProcessEngine processEngine;
+	
+	private AuthenticationManager() {
+	}
+	
 	public static AuthenticationManager getInstance() {
-		if (instance == null) {
-			instance = new AuthenticationManager();
-		}
-		
-		return instance;
+		return INSTANCE;
 	}
 	
 	/**
@@ -508,7 +510,10 @@ public class AuthenticationManager extends AuthServlet {
 			throws ServletException, IOException, MOAIDException {
 		Logger.debug("Starting authentication on this IDP ...");
 
-		setNoCachingHeadersInHttpRespone(request, response);
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
 		List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
 
@@ -529,79 +534,87 @@ public class AuthenticationManager extends AuthServlet {
 			throw new MOAIDException("init.04", new Object[] {});
 		}
 		
-		
-		if (legacyallowed && legacyparamavail) {
-			
-			//parse request parameter into MOASession			
-			StartAuthentificationParameterParser.parse(request, response, moasession, target);
-							
-		    Logger.info("Start Authentication Module: " + moasession.getModul() 
-		    		+ " Action: " + moasession.getAction());
-					    
-		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
-			
-		    String getIdentityLinkForm = startauth.build(moasession, request, response);
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
-			}
-		    
-		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-		    	response.setContentType("text/html;charset=UTF-8");
-		    	PrintWriter out = new PrintWriter(response.getOutputStream());
-		    	out.print(getIdentityLinkForm);
-		    	out.flush();
-		    	Logger.debug("Finished GET StartAuthentication");
-		    }
-			
-		} else {
-			//load Parameters from OnlineApplicationConfiguration
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-					.getOnlineApplicationParameter(target.getOAURL());
+		try {
 			
-			if (oaParam == null) {
-				throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
-			}
+			if (legacyallowed && legacyparamavail) {
+				
+				//parse request parameter into MOASession			
+				StartAuthentificationParameterParser.parse(request, response, moasession, target);
+								
+			    Logger.info("Start Authentication Module: " + moasession.getModul() 
+			    		+ " Action: " + moasession.getAction());
+	
+			    
+				// create process instance
+			    // TODO[MOAID-49]: Automatically selection of process
+		    	ProcessInstance pi = processEngine.createProcessInstance("DefaultAuthentication");
+		    	// keep process instance id in moa session
+		    	moasession.setProcessInstanceId(pi.getId());
+	
+				// make sure moa session has been persisted before running the process
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession);
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				// set execution context
+				pi.getExecutionContext().put("ccc", moasession.getCcc());
+				pi.getExecutionContext().put("useMandate", moasession.getUseMandate());
+				pi.getExecutionContext().put("bkuURL", moasession.getBkuURL());
+				pi.getExecutionContext().put(PARAM_SESSIONID, moasession.getSessionID());
+		    	
+		    	// start process
+		    	processEngine.start(pi);
+			    
+			} else {
+				//load Parameters from OnlineApplicationConfiguration
+				OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+						.getOnlineApplicationParameter(target.getOAURL());
+				
+				if (oaParam == null) {
+					throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+				}
+								
+				else {
+					
+					//check if an MOASession exists and if not create an new MOASession
+					//moasession = getORCreateMOASession(request);
+	
+					//set OnlineApplication configuration in Session
+					moasession.setOAURLRequested(target.getOAURL());
+					moasession.setAction(target.requestedAction());
+					moasession.setModul(target.requestedModule());
+				}
 							
-			else {
+				//Build authentication form
 				
-				//check if an MOASession exists and if not create an new MOASession
-				//moasession = getORCreateMOASession(request);
-
-				//set OnlineApplication configuration in Session
-				moasession.setOAURLRequested(target.getOAURL());
-				moasession.setAction(target.requestedAction());
-				moasession.setModul(target.requestedModule());
-			}
-						
-			//Build authentication form
-			
-			
-			String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-					target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
+				
+				String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+				String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
+						target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
+				
+				//store MOASession
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				//set MOAIDSession
+				//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+				
+				response.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(response.getOutputStream()); 
+				out.print(loginForm);
+				out.flush(); 
 			}
-			
-			//set MOAIDSession
-			//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
-			
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(loginForm);
-			out.flush(); 
+		} catch (ProcessExecutionException e) {
+			throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
 		}
 	}
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index a2b25e24e..dd27d8a01 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -7,9 +7,15 @@
 -->
 
 	<pd:StartEvent id="start" />
-
-	<pd:Transition from="start" to="end" />
-
+	
+	<pd:Transition from="start" to="createIdentityLinkForm" />
+	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+	<pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask" async="true" />
+	<pd:Transition from="verifyIdentityLink" to="verifyAuthBlock" />
+	<pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
+	<pd:Transition from="verifyAuthBlock" to="end" />
+	
 	<pd:EndEvent id="end" />
 
 </pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 8fda4566c..232f53559 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -266,4 +266,6 @@ oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{
 
 slo.00=Sie konnten erfolgreich von allen Online-Applikation abgemeldet werden.
 slo.01=Sie konnten NICHT erfolgreich von allen Online-Applikationen abgemeldet werden\!<BR>Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser.
-slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
\ No newline at end of file
+slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
+
+process.01=Fehler beim Ausf\u00FChren des Prozesses.
diff --git a/id/server/stork2-commons/.gitignore b/id/server/stork2-commons/.gitignore
index ea8c4bf7f..a9036d427 100644
--- a/id/server/stork2-commons/.gitignore
+++ b/id/server/stork2-commons/.gitignore
@@ -1 +1,2 @@
 /target
+/stork-commons.log*
-- 
cgit v1.2.3


From aa6bb4186317b8f4c9a2c6bdb71d774ee69173c5 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 5 Mar 2015 09:57:56 +0100
Subject: update demo-OA

---
 .../egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java   | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'id/oa')

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index 00d82296c..4bce49465 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -115,18 +115,18 @@ public class Authenticate extends HttpServlet {
 			authReq.setAttributeConsumingServiceIndex(0);
 			
 			authReq.setIssueInstant(new DateTime());
-			Subject subject = SAML2Utils.createSAMLObject(Subject.class);
-			NameID name = SAML2Utils.createSAMLObject(NameID.class);
+//			Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+//			NameID name = SAML2Utils.createSAMLObject(NameID.class);
 			Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
 			
 			String serviceURL = config.getPublicUrlPreFix(request);
 			if (!serviceURL.endsWith("/"))
 				serviceURL = serviceURL + "/";
-			name.setValue(serviceURL);
+			//name.setValue(serviceURL);
 			issuer.setValue(serviceURL);
 
-			subject.setNameID(name);
-			authReq.setSubject(subject);
+//			subject.setNameID(name);
+//			authReq.setSubject(subject);
 			issuer.setFormat(NameIDType.ENTITY);
 			authReq.setIssuer(issuer);
 			
-- 
cgit v1.2.3


From d28e5b6e0d0793558f3328c5a420c17bdd606104 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 16 Apr 2015 13:48:50 +0200
Subject: update library versions

---
 common/pom.xml                       | 12 ++---
 id/ConfigWebTool/pom.xml             |  3 --
 id/oa/pom.xml                        |  2 -
 id/server/idserverlib/pom.xml        | 12 ++++-
 id/server/moa-id-commons/pom.xml     |  9 ++--
 id/server/stork2-commons/pom.xml     |  3 +-
 id/server/stork2-saml-engine/pom.xml |  5 --
 pom.xml                              | 89 +++++++++++++++++++++++++++++++-----
 8 files changed, 96 insertions(+), 39 deletions(-)

(limited to 'id/oa')

diff --git a/common/pom.xml b/common/pom.xml
index 72cf702bc..8f18a1b92 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -67,28 +67,24 @@
         <dependency>
             <groupId>joda-time</groupId>
             <artifactId>joda-time</artifactId>
-            <version>2.7</version>
+            <version>${jodatime.version}</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-api</artifactId>
-            <version>1.7.10</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jcl-over-slf4j</artifactId>
-            <version>1.7.10</version>
         </dependency>
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>jul-to-slf4j</artifactId>
-            <version>1.7.10</version>
         </dependency>
         <dependency>
-			<groupId>org.slf4j</groupId>
-			<artifactId>slf4j-log4j12</artifactId>
-			<version>1.7.10</version>
-		</dependency>
+						<groupId>org.slf4j</groupId>
+						<artifactId>slf4j-log4j12</artifactId>
+				</dependency>
         <dependency>
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 827254d00..423d442d0 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -83,7 +83,6 @@
         <dependency>
             <groupId>at.gv.util</groupId>
             <artifactId>egovutils</artifactId>
-            <version>2.0.0</version>
             <exclusions>
                 <exclusion>
                     <groupId>org.apache.cxf</groupId>
@@ -159,12 +158,10 @@
         <dependency>
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-core</artifactId>
-            <version>2.3.20</version>
         </dependency>
         <dependency>
             <groupId>org.apache.struts</groupId>
             <artifactId>struts2-json-plugin</artifactId>
-            <version>2.3.20</version>
         </dependency>
 
         <dependency>
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index c97db6db2..173019c1b 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -110,12 +110,10 @@
   		<dependency>
   			<groupId>org.slf4j</groupId>
   			<artifactId>slf4j-api</artifactId>
-  			<version>1.7.6</version>
   		</dependency>
   		<dependency>
   			<groupId>org.slf4j</groupId>
   			<artifactId>slf4j-log4j12</artifactId>
-  			<version>1.7.6</version>
   		</dependency>
   		
   		<dependency>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index dbfc19b68..9465b56d1 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -113,8 +113,6 @@
 		   <dependency>
             <groupId>at.gv.util</groupId>
             <artifactId>egovutils</artifactId>
-            <!-- <version>1.0.7</version> -->
-            <version>2.0.0</version>
             <exclusions>
                 <exclusion>
                     <groupId>com.sun</groupId>
@@ -142,6 +140,16 @@
                 </exclusion>
             </exclusions>
         </dependency>
+				
+		  <dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-frontend-jaxws</artifactId>
+    	</dependency>
+    	<dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-transports-http</artifactId>
+    	</dependency>
+		
 		
 		<dependency>
 			<groupId>javax.xml.bind</groupId>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index c504a7f0c..27beeaaf3 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -46,23 +46,22 @@
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-core</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-c3p0</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
         <dependency>
             <groupId>org.hibernate</groupId>
             <artifactId>hibernate-entitymanager</artifactId>
-            <version>4.3.8.Final</version>
+            <version>${hibernate.version}</version>
         </dependency>
 
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.3.2</version>
         </dependency>
 				<dependency>
 					<groupId>commons-httpclient</groupId>
@@ -122,7 +121,7 @@
         <dependency>
             <groupId>mysql</groupId>
             <artifactId>mysql-connector-java</artifactId>
-            <version>5.1.34</version>
+            <version>${mysql-connector.java}</version>
         </dependency>
     </dependencies>
 
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index 81f2cf4e5..1a8dfd786 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -34,7 +34,7 @@
 		<dependency>
 			<groupId>joda-time</groupId>
 			<artifactId>joda-time</artifactId>
-			<version>2.3</version>
+			<version>${jodatime.version}</version>
 		</dependency>
 
 		<!-- Log4J -->
@@ -113,7 +113,6 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index e5d3dc1f4..36df747e4 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -96,7 +96,6 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -106,7 +105,6 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jcl-over-slf4j</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 <!-- 		<dependency>
 			<groupId>org.slf4j</groupId>
@@ -116,13 +114,11 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jul-to-slf4j</artifactId>
-			<version>1.7.10</version>
 		</dependency>
 
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>
-			<version>2.4</version>
 			<scope>compile</scope>
 		</dependency>
 		<dependency>
@@ -133,7 +129,6 @@
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>
-			<version>4.11</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/pom.xml b/pom.xml
index 8897201b0..a87900e72 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,16 +21,31 @@
 		<moa-commons-version>2.0.1</moa-commons-version>
 		-->
 		
-		<moa-commons-version>2.0.3-SNAPSHOT</moa-commons-version>
-		<moa-id-version>2.2.1-SNAPSHOT</moa-id-version>
-		<moa-id-proxy-version>2.0.1-SNAPSHOT</moa-id-proxy-version>
-		<moa-spss-version>2.0.5-SNAPSHOT</moa-spss-version>
-		<configtool-version>1.1.6-SNAPSHOT</configtool-version>
-		<demo-oa-version>2.0.4-SNAPSHOT</demo-oa-version>
+			<!-- Project Version -->
+			<moa-commons-version>2.0.3</moa-commons-version>
+			<moa-id-version>2.2.1</moa-id-version>
+			<moa-id-proxy-version>2.0.1-SNAPSHOT</moa-id-proxy-version>
+			<moa-spss-version>2.0.5</moa-spss-version>
+			<configtool-version>1.1.6</configtool-version>
+			<demo-oa-version>2.0.4</demo-oa-version>
 		
-		<org.springframework.version>4.1.5.RELEASE</org.springframework.version>
-		<surefire.version>2.18.1</surefire.version>
-
+			<!-- Library Versions -->
+			<org.springframework.version>4.1.6.RELEASE</org.springframework.version>
+			<surefire.version>2.18.1</surefire.version>		
+			<opensaml.version>2.6.5</opensaml.version>
+			<xmltooling.version>1.4.5</xmltooling.version>
+			<cxf.version>3.0.4</cxf.version>
+			<struts.version>2.3.20</struts.version>
+			<egovutils.version>2.0.0</egovutils.version>
+			<slf4j.version>1.7.12</slf4j.version>
+			<hibernate.version>4.3.8.Final</hibernate.version>
+			<mysql-connector.java>5.1.35</mysql-connector.java>			
+			<junit.version>4.11</junit.version>
+			<org.apache.commons.io.version>2.4</org.apache.commons.io.version>
+			<org.apache.commons.lang3.version>3.4</org.apache.commons.lang3.version>
+			<org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
+			<jodatime.version>2.7</jodatime.version>
+			
     </properties>
 
     <profiles>
@@ -232,15 +247,65 @@
 			<dependency>
   				<groupId>org.opensaml</groupId>
   				<artifactId>opensaml</artifactId>
-  				<version>2.6.5</version>
+  				<version>${opensaml.version}</version>
   			</dependency>  		
 			<dependency>
 				<groupId>org.opensaml</groupId>
 				<artifactId>xmltooling</artifactId>
-				<version>1.4.5</version>
+				<version>${xmltooling.version}</version>
 			</dependency>
 
+    	<dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-frontend-jaxws</artifactId>
+        	<version>${cxf.version}</version>
+    	</dependency>
+    	<dependency>
+        	<groupId>org.apache.cxf</groupId>
+        	<artifactId>cxf-rt-transports-http</artifactId>
+        	<version>${cxf.version}</version>
+    	</dependency>
+
+
+        <dependency>
+            <groupId>org.apache.struts</groupId>
+            <artifactId>struts2-core</artifactId>
+            <version>${struts.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.struts</groupId>
+            <artifactId>struts2-json-plugin</artifactId>
+            <version>${struts.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>at.gv.util</groupId>
+            <artifactId>egovutils</artifactId>
+            <version>${egovutils.version}</version>
+        </dependency>
 
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jul-to-slf4j</artifactId>
+            <version>${slf4j.version}</version>
+        </dependency>
+        <dependency>
+						<groupId>org.slf4j</groupId>
+						<artifactId>slf4j-log4j12</artifactId>
+						<version>${slf4j.version}</version>
+				</dependency>
+			
+			
             <dependency>
                 <groupId>axis</groupId>
                 <artifactId>axis</artifactId>
@@ -307,7 +372,7 @@
             <dependency>
 							 <groupId>org.apache.httpcomponents</groupId>
 							 <artifactId>httpclient</artifactId>
-							 <version>4.4</version>
+							 <version>4.4.1</version>
 						</dependency>            
             <dependency>
                 <groupId>dav4j</groupId>
-- 
cgit v1.2.3