From 92717efaa56e3d0f7c271b91483507cf981b417b Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 16 Jan 2015 10:19:44 +0100
Subject: Add minor fixes and updates.

- Fix moa-id-auth web.xml and upgrade to servlet 3.0.
- Reformat loginFormFull.html in order to enhance readability.
- Add some TODOs and FIXMEs.
- Adding some comments to DispatcherServlet in order to ease understanding the process.
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml | 71 ++++++++++++++++----------
 1 file changed, 44 insertions(+), 27 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 42085b01e..fb3888a3e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-<web-app>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
 	<display-name>MOA ID Auth</display-name>
 	<description>MOA ID Authentication Service</description>
+
+	<!-- bootstrap loader for spring framework -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<!-- exposes request and response to the current thread -->
+	<filter>
+		<filter-name>requestContextFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>requestContextFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 <!-- 	<servlet>
 		<servlet-name>SelectBKU</servlet-name>
 		<display-name>SelectBKU</display-name>
@@ -10,63 +27,63 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<display-name>GenerateIframeTemplate</display-name>
 		<description>Generate BKU Request template</description>
+		<display-name>GenerateIframeTemplate</display-name>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>RedirectServlet</servlet-name>
 		<display-name>RedirectServlet</display-name>
+		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>MonitoringServlet</servlet-name>
 		<display-name>MonitoringServlet</display-name>
+		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<display-name>SSOSendAssertionServlet</display-name>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
 	</servlet>	
 	<servlet>
-		<servlet-name>LogOut</servlet-name>
-		<display-name>LogOut</display-name>
 		<description>SSO LogOut</description>
+		<display-name>LogOut</display-name>
+		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>IDPSLO</servlet-name>
-		<display-name>IDP-SLO</display-name>
 		<description>IDP Single LogOut Service</description>
+		<display-name>IDP-SLO</display-name>
+		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<display-name>VerifyIdentityLink</display-name>
 		<description>Verify identity link coming from security layer</description>
+		<display-name>VerifyIdentityLink</display-name>
+		<servlet-name>VerifyIdentityLink</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<display-name>VerifyCertificate</display-name>
 		<description>Verify the certificate coming from security layer</description>
+		<display-name>VerifyCertificate</display-name>
+		<servlet-name>VerifyCertificate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<display-name>GetMISSessionID</display-name>
 		<description>Get the MIS session ID coming from security layer</description>
+		<display-name>GetMISSessionID</display-name>
+		<servlet-name>GetMISSessionID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
 	</servlet>
 
 	<servlet>
-		<servlet-name>GetForeignID</servlet-name>
-		<display-name>GetForeignID</display-name>
 		<description>Gets the foreign eID from security layer</description>
+		<display-name>GetForeignID</display-name>
+		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -76,9 +93,9 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<display-name>VerifyAuthBlock</display-name>
 		<description>Verify AUTH block coming from security layer</description>
+		<display-name>VerifyAuthBlock</display-name>
+		<servlet-name>VerifyAuthBlock</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -89,8 +106,8 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>AxisServlet</servlet-name>
 		<display-name>Apache-Axis Servlet</display-name>
+		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
 
@@ -100,18 +117,18 @@
 		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<display-name>PEPSConnectorServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorServlet</display-name>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
@@ -124,8 +141,8 @@
 		<load-on-startup>1</load-on-startup>
 	</servlet>-->
 	<servlet>
-		<servlet-name>DispatcherServlet</servlet-name>
 		<display-name>Dispatcher Servlet</display-name>
+		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-- 
cgit v1.2.3


From 1e0d9d236dec23ed079f043bd87e8b2cd0f87907 Mon Sep 17 00:00:00 2001
From: Christian Maierhofer <cmaierhofer@iaik.tugraz.at>
Date: Fri, 16 Jan 2015 10:29:11 +0100
Subject: modified moa-id auth start page

---
 id/server/auth/src/main/webapp/common/MOA.css      | 617 ---------------------
 .../auth/src/main/webapp/common/logo_digAT.png     | Bin 0 -> 22964 bytes
 id/server/auth/src/main/webapp/common/main.css     | 253 +++++++++
 id/server/auth/src/main/webapp/index.html          | 193 +++----
 id/server/doc/handbook/common/LogoBKA.png          | Bin 8062 -> 0 bytes
 5 files changed, 344 insertions(+), 719 deletions(-)
 delete mode 100644 id/server/auth/src/main/webapp/common/MOA.css
 create mode 100644 id/server/auth/src/main/webapp/common/logo_digAT.png
 create mode 100644 id/server/auth/src/main/webapp/common/main.css
 delete mode 100644 id/server/doc/handbook/common/LogoBKA.png

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/common/MOA.css b/id/server/auth/src/main/webapp/common/MOA.css
deleted file mode 100644
index b7a2b9280..000000000
--- a/id/server/auth/src/main/webapp/common/MOA.css
+++ /dev/null
@@ -1,617 +0,0 @@
-body
-{ 
-  font-family: "Times New Roman", Times, serif;
-  font-size: medium;
-  font-weight: normal;
-  margin-left: 2.5em;
-  margin-right: 2.5em;
-  background-color: white;
-  text: #000000;
-  link: #990000;
-  vlink: #666666; 
-  alink: #cc9966;
-}
-
-
-
-p
-{ 
-  margin-top: 0pt;
-  margin-bottom: 0.5em;
-  text-align: justify
-}
-
-pre 
-{ 
-  font-family: "Courier New", monospace;
-  font-size: 90%;
-  background-color: #cccccc;
-  color: #000000;
-  margin-left:1.5%;
-  margin-right:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-  border: #008000 none;
-}
-
-hr 
-{
-  color: #000080;
-  background-color: #000080;
-  margin-top: 0.5em;
-  margin-bottom: 0.5em;
-}
-
-table.fixedWidth
-{
-  width: 97%;
-  margin-left:1.5%;
-  margin-right:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-}
-
-
-table.varWidth
-{
-  margin-left:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-}
-
-th
-{
-  text-align: left;
-}
-
-h1
-{ 
-  color: #000000; 
-  text-align: left;
-  font-size: 167%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-h2
-{ 
-  color: #000000;
-  font-size: 150%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-h3
-{ 
-  color: #000000;
-  font-size: 133%; 
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-h4
-{
-  color: #000000;
-  font-size: 116%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-h5
-{ 
-  color: #000000;
-  font-size: 100%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-h6
-{ 
-  color: #000000;
-  font-size: 83%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  background-color:#999;
-}
-
-code
-{
-  font-family: "Courier New", Courier, monospace;
-  font-size: 90%;
-  color: #000000
-}
-
-dd
-{
-  margin-top: 0.8em;
-  margin-bottom: 0.8em;
-  text-align: justify
-
-}
-
-dt 
-{
-  margin-top: 0.8em;
-  font-family: Arial, Helvetica, sans-serif;
-  color: #000080
-}
-
-ol
-{
-  margin-top: 0.5em;
-  margin-bottom: 0.5em
-}
-
-ol.alpha
-{
-  list-style-type: lower-alpha
-}
-
-li
-{
-  margin-top: 0.25em;
-  margin-bottom: 0.25em;
-  text-align: justify
-}
-
-a:hover
-{
-  color: #990000
-}
-
-
-.title
-{
-  text-align: left;
-  font-size: 200%;
-  color: #000000;
-  font-family: Arial, Helvetica, sans-serif;
-  margin-top: 0.4em;
-  margin-bottom: 0.4em;
-  background-color:#999;
-}
-
-.subtitle 
-{  
-  text-align: left;
-  font-size: 133%;
-  color: #000000;
-  font-family: Arial, Helvetica, sans-serif;
-  margin-top: 0.4em;
-  margin-bottom: 0.4em
-}
-
-.glossaryTerm 
-{  
-  font-style: italic;
-  color: #006699
-}
-
-.example
-{ 
-  font-family: "Courier New", monospace;
-  background-color: #CCFFFF;
-  color: #000000;
-  margin: 0pt 0pt;
-  border: #008000 none
-}
-
-.schema
-{ 
-  font-family: "Courier New", monospace;
-  background-color: #FFFFCC;
-  color: #000000;
-  margin: 0pt 0pt;
-  border: #008000 none
-}
-
-.documentinfo
-{
-  font-family: Arial, Helvetica, sans-serif;
-  font-size: 100%;
-}
-
-.ol-contents
-{
-  font-size: 100%;
-  margin-top: 0.0em;
-  margin-bottom: 0.0em;
-}
-
-.li-contents
-{
-  font-size: 100%;
-  margin-top: 0.0em;
-  margin-bottom: 0.0em;
-}
-
-.logoTitle 
-{ 
-  text-align: center;
-  font-size: 200%;
-  color: #000080;
-  font-family: Arial, Helvetica, sans-serif;
-}
-
-.logoTable 
-{ 
-  margin-bottom: 0px;
-  margin-left: 0px
-}
-
-.superscript
-{ 
-  vertical-align: super;
-  font-size: 66%;
-}
-
-.term
-{ 
-  font-style: italic; 
-}
-
-.comment
-{
-  color: #000000;
-  background: #ffff00;
-  font-style: italic
-}
-
-.addedErrata12
-{  
-  color: #FF0000; 
-  background-color: #FFEEEE;
-  text-decoration: underline
-}
-
-.deletedErrata12
-{
-  color: #999999;
-  background-color: #EEEEEE;
-  text-decoration: line-through
-}
-
-.added12
-{  
-  color: #FF0000; 
-  text-decoration: underline
-; background-color: #F8F0FF
-}
-
-.deleted12
-{
-  color: #999999;
-  text-decoration: line-through
-; background-color: #f8f0ff
-}
-
-.rfc2119Keyword 
-{ 
-  font-variant: small-caps;
-  font-style: normal;
-}
-
-.remark {  font-style: italic}
-
-li.faq
-{
-  margin-top: 1.5em;
-  margin-bottom: 1.5em;
-}
-
-.faq-question
-{ 
-  color: #000080;
-  font-size: 100%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  margin-bottom: 0.4em;
-}
-
-
-/*body
-{ 
-  font-family: "Times New Roman", Times, serif;
-  font-size: medium;
-  font-weight: normal;
-  margin-left: 2.5em;
-  margin-right: 2.5em;
-}
-
-p
-{ 
-  margin-top: 0pt;
-  margin-bottom: 0.5em;
-  text-align: justify
-}
-
-pre 
-{ 
-  font-family: "Courier New", monospace;
-  font-size: 90%;
-  background-color: #cccccc;
-  color: #000000;
-  margin-left:1.5%;
-  margin-right:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-  border: #008000 none;
-}
-
-hr 
-{
-  color: #000080;
-  background-color: #000080;
-  margin-top: 0.5em;
-  margin-bottom: 0.5em;
-}
-
-table.fixedWidth
-{
-  width: 97%;
-  margin-left:1.5%;
-  margin-right:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-}
-
-
-table.varWidth
-{
-  margin-left:1.5%;
-  margin-top: 1em;
-  margin-bottom: 1em;
-}
-
-th
-{
-  text-align: left;
-}
-
-h1
-{ 
-  color: #000080; 
-  text-align: left;
-  font-size: 167%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-h2
-{ 
-  color: #000080;
-  font-size: 150%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-h3
-{ 
-  color: #000080;
-  font-size: 133%; 
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-h4
-{
-  color: #000080;
-  font-size: 116%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-h5
-{ 
-  color: #000080;
-  font-size: 100%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-h6
-{ 
-  color: #000080;
-  font-size: 83%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal
-}
-
-code
-{
-  font-family: "Courier New", Courier, monospace;
-  font-size: 90%;
-  color: #000000
-}
-
-dd
-{
-  margin-top: 0.8em;
-  margin-bottom: 0.8em;
-  text-align: justify
-
-}
-
-dt 
-{
-  margin-top: 0.8em;
-  font-family: Arial, Helvetica, sans-serif;
-  color: #000080
-}
-
-ol
-{
-  margin-top: 0.5em;
-  margin-bottom: 0.5em
-}
-
-ol.alpha
-{
-  list-style-type: lower-alpha
-}
-
-li
-{
-  margin-top: 0.25em;
-  margin-bottom: 0.25em;
-  text-align: justify
-}
-
-a:hover
-{
-  color: #990000
-}
-
-
-.title
-{
-  text-align: left;
-  font-size: 167%;
-  color: #000080;
-  font-family: Arial, Helvetica, sans-serif;
-  margin-top: 0.4em;
-  margin-bottom: 0.4em
-}
-
-.subtitle 
-{  
-  text-align: left;
-  font-size: 133%;
-  color: #000080;
-  font-family: Arial, Helvetica, sans-serif;
-  margin-top: 0.4em;
-  margin-bottom: 0.4em
-}
-
-.glossaryTerm 
-{  
-  font-style: italic;
-  color: #006699
-}
-
-.example
-{ 
-  font-family: "Courier New", monospace;
-  background-color: #CCFFFF;
-  color: #000000;
-  margin: 0pt 0pt;
-  border: #008000 none
-}
-
-.schema
-{ 
-  font-family: "Courier New", monospace;
-  background-color: #FFFFCC;
-  color: #000000;
-  margin: 0pt 0pt;
-  border: #008000 none
-}
-
-.documentinfo
-{
-  font-family: Arial, Helvetica, sans-serif;
-  font-size: 100%;
-}
-
-.ol-contents
-{
-  font-size: 100%;
-  margin-top: 0.0em;
-  margin-bottom: 0.0em;
-}
-
-.li-contents
-{
-  font-size: 100%;
-  margin-top: 0.0em;
-  margin-bottom: 0.0em;
-}
-
-.logoTitle 
-{ 
-  text-align: center;
-  font-size: 133%;
-  color: #000080;
-  font-family: Arial, Helvetica, sans-serif;
-}
-
-.logoTable 
-{ 
-  margin-bottom: 0px;
-  margin-left: 0px
-}
-
-.superscript
-{ 
-  vertical-align: super;
-  font-size: 66%;
-}
-
-.term
-{ 
-  font-style: italic; 
-}
-
-.comment
-{
-  color: #000000;
-  background: #ffff00;
-  font-style: italic
-}
-
-.addedErrata12
-{  
-  color: #FF0000; 
-  background-color: #FFEEEE;
-  text-decoration: underline
-}
-
-.deletedErrata12
-{
-  color: #999999;
-  background-color: #EEEEEE;
-  text-decoration: line-through
-}
-
-.added12
-{  
-  color: #FF0000; 
-  text-decoration: underline
-; background-color: #F8F0FF
-}
-
-.deleted12
-{
-  color: #999999;
-  text-decoration: line-through
-; background-color: #f8f0ff
-}
-
-.rfc2119Keyword 
-{ 
-  font-variant: small-caps;
-  font-style: normal;
-}
-
-.remark {  font-style: italic}
-
-li.faq
-{
-  margin-top: 1.5em;
-  margin-bottom: 1.5em;
-}
-
-.faq-question
-{ 
-  color: #000080;
-  font-size: 100%;
-  font-family: Arial, Helvetica, sans-serif;
-  font-weight: normal;
-  margin-bottom: 0.4em;
-}
-*/
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/common/logo_digAT.png b/id/server/auth/src/main/webapp/common/logo_digAT.png
new file mode 100644
index 000000000..4f36681e2
Binary files /dev/null and b/id/server/auth/src/main/webapp/common/logo_digAT.png differ
diff --git a/id/server/auth/src/main/webapp/common/main.css b/id/server/auth/src/main/webapp/common/main.css
new file mode 100644
index 000000000..6bd964346
--- /dev/null
+++ b/id/server/auth/src/main/webapp/common/main.css
@@ -0,0 +1,253 @@
+html {
+	font-family: "Roboto", sans-serif;
+	color: #000;
+    font-weight:300;
+}
+
+.container {
+	margin: auto;
+	max-width: 1000px;
+	padding-left: 20px;
+	padding-right: 20px;
+}
+
+body {
+	margin: 0;
+	padding: 0;
+	letter-spacing: 0.05em;
+}
+
+h1
+{
+font-family: "Roboto", sans-serif;
+}
+
+#headline {
+	/*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/
+	background: linear-gradient(#FAFAFA, #F5F5F5);
+	border-bottom: 1px solid #EEE;
+}
+
+#headline br {
+	clear: both;
+}
+
+#headline h1 {
+		color: #404040;
+		padding-right: 1em;
+		padding-top: 0.3em;
+		margin-bottom: 0;
+		float: right;
+          font-size: 220%;
+  font-weight: 400;
+	}
+#headline img {
+        width: 300px;
+        padding-left: 0;
+        padding-top: 35px;
+        padding-bottom:20px;
+    }
+
+#description {
+	text-align: justify;
+}
+
+#maincontent {
+	height: 13em;
+}
+
+#demologin p {
+	padding-left: 10px;
+	padding-right: 10px;
+	text-align: justify;
+	font-size: 100%;
+	color: #000;
+    padding-top:20px;
+    
+}
+
+#demologin a{
+    
+}
+
+.button {
+	border-radius: 5px;
+	/*background-color: rgb(41,127,184); */
+	background-color: #E10319;
+	text-decoration: none;
+	text-transform: uppercase;
+	padding: 10px 80px 10px 80px;
+	letter-spacing: 1.5px;
+	text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.3);
+	color: WHITE;
+	box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3);
+	margin-left: 10px;
+}
+
+.button:hover {
+	box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.8);
+	text-shadow: 0px 1px 0px rgba(0, 0, 0, 0.9);
+}
+
+#singlelogout {
+	clear: both;
+	width: 100%;
+	box-sizing: border-box;
+
+}
+a{
+	text-decoration: none;
+    font-size:100%;
+    color: #666;
+}
+a:hover{
+	text-decoration: none;
+    font-size:100%;
+    color: #E10319;
+}
+
+/*****************************/
+@media ( max-width :599px) {
+	  #headline {
+        /*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/
+        background: linear-gradient(#FAFAFA, #F5F5F5);
+        border-bottom: 1px solid #EEE;
+    }   
+
+    #headline img {
+        width: 150px;
+        padding-left: 0;
+        padding-top: 0.5em;
+        padding-bottom:0.5em;
+    }
+    #headline br {
+        clear: both;
+    }
+    #headline h1 {font-family: "Roboto", sans-serif;
+        color: #404040;
+        padding: 0;
+        margin-bottom: 0;
+        margin-top: 0;
+        text-align: center;
+    }
+	nav {
+		display: block;
+		width: 100%;
+        text-align: center;
+		box-sizing: border-box;
+		color: WHITE;
+		margin: 0px 0px 0px 0px;
+		overflow: hidden;
+
+	}
+	nav ul {
+		margin: 0;
+		padding: 0;
+	}
+	nav ul li {
+		list-style-type: none;
+		padding-top: 2px;
+        padding-bottom: 2px;
+	}
+	nav>ul>li>a {
+		color: #666;
+		display: block;
+		text-decoration: none;
+	}
+	nav>ul>li:hover {
+		color: #404040;
+	}
+	nav>ul>li:hover>a {
+		color: #404040;
+	}
+	nav>ul>li:active>a {
+		color: #404040;
+	}
+	#demologin {
+		width: 100%;
+		box-sizing: border-box;
+		border: 1px solid;
+		border-radius: 1px;
+		border-color: #818286;
+		background: #F5F5F5;
+		height: 182px;
+		width: 242px;
+		margin-top: 18px;
+        padding-left:0;
+	}
+}
+/*****************************/
+@media ( min-width :600px) {
+    #headline {
+	/*background: linear-gradient(center top , #FAFAFA, #F5F5F5) repeat scroll 0% 0% transparent;*/
+	background: linear-gradient(#FAFAFA, #F5F5F5);
+	border-bottom: 1px solid #EEE;
+
+    }
+	#headline br {
+		clear: both;
+	}
+
+	#headline h1 {
+        color: #404040;
+		padding-right: 1em;
+		padding-top: 0.15em;
+		margin-bottom: 0;
+		float: right;
+	}
+    #headline img {
+        width: 300px;
+        padding-left: 0;
+        padding-top: 35px;
+        padding-bottom:20px;
+    }
+	nav {
+		display: block;
+		float: left;
+		width: 30%;
+		box-sizing: border-box;
+		background-color: #fff;
+		color: #888;
+		margin: 8px 0px 8px 0px;
+		overflow: hidden;
+	}
+	nav ul {
+		margin: 0;
+		padding: 0;
+	}
+	nav ul li {
+		list-style-type: none;
+		padding-top: 15px;
+	}
+	nav>ul>li>a {
+		color: #666;
+		display: block;
+		text-decoration: none;
+	}
+	nav>ul>li:hover {
+		color: #E10319;
+	}
+	nav>ul>li:hover>a {
+		color: #E10319;
+	}
+	nav>ul>li:active>a {
+		color: #E10319;
+	}
+	#demologin {
+		float: right;
+		width: 50%;
+		box-sizing: border-box;
+		border: 1px solid;
+		border-radius: 1px;
+		border-color: #818286;
+		background: #F5F5F5;
+		height: 282px;
+		width: 342px;
+		margin-right: 150px;
+		margin-top: 18px;
+        padding-left:0;
+	}
+    #demologin a:hover{
+        color:white;
+    }
+}
\ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 391195def..381d8d82d 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -1,102 +1,91 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" >
-  <title>MOA-ID 2.1.x</title>
-  <link rel="stylesheet" href="./common/MOA.css" type="text/css">
-</head>
-<body link="#990000"> 
-  <table class="logoTable" width="100%" border="0" cellspacing="0" cellpadding="10">
-    <tr>
-      <td align="center" class="logoTitle" width="267"><img src="./common/LogoBKA.png" alt="Logo BKA" width="267" height="37" align="left"></td>
-      <td align="center" class="logoTitle">&nbsp;</td>
-      <td align="center" class="logoTitle" width="123"><img src="./common/LogoEGIZ.png" alt="Logo EGIZ" width="230" height="81" align="right"></td>
-    </tr>
-  </table>
-  <hr/> 
-  <p class="title">MOA-ID 2.1.2</p> 
-<hr/>
-  <h1>Inhalt</h1>
-  <ol>
-    <li><a href="#allgemeines">Allgemeines</a>
-      <ol>
-        <li><a href="#allgemeines_service">Externe Services</a></li>
-      </ol>
-    </li>
-    <li><a href="#ss">MOA-ID-Auth </a>
-      <ol>
-        <li><a href="#ablauf">Ablauf einer Anmeldung</a></li>
-      </ol>
-    </li>
-    <li><a href="#sp">MOA-ID-Configuration</a></li>
-  </ol>
-<hr/>
-  <h1><a name="allgemeines"></a>1 Allgemeines</h1>
-  <p> Das Module MOA-ID-Auth kann von Anwendungen zur Identifizierung und Authentifizierung im Rahmen eines Anmeldeprozesses an einer Online-Applikation verwendet werden. Die Konfiguration des Modules MOA-ID-Auth erfolgt mit Hilfe des Zusatzmodules MOA-ID-Configuration welches eine web-basierte Konfigurationsschnittstelle zur Verf&uuml;gung stellt.</p>
-  <p>Das nachfolgende Blockdiagramm zeigt Struktur von MOA-ID und gibt eine kurze Beschreibung der einzelnen Komponenten.</p>
-  <p><img src="Blockdiagramm.png" alt="Architektur MOA-ID" width="1000" height="678"></p>
-  <p>&nbsp;</p>
-<p>MOA-ID besteht aus folgenden Kernkomponenten:</p>
-  <ol>
-    <li><u>CORE LOGIC</u>: Diese Komponente ist die  zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.</li>
-    <li><u>Protocol Adapter</u>: Stellt die in MOA-ID  2.x unterst&uuml;tzten Authentifizierungsprotokolle f&uuml;r die Anbindung von Service Providern  zur Verf&uuml;gung.</li>
-    <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterst&uuml;tzten  Identifikationsmechanismen und Single Sign-On Management Funktionen zur Verf&uuml;gung. Dies sind die &ouml;sterreichische B&uuml;rgerkarte oder Handy-Signatur, die  Anmeldung ausl&auml;ndischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauensw&uuml;rdigen Identity Provider (Interfederation).  Dieses Modul beinhaltet somit alle jene Funktionen welche f&uuml;r den Authentifizierungs- oder Abmeldeprocess erforderlich sind. </li>
-    <li><u>Template Generator</u>: Der Template Generator erzeugt f&uuml;r Service Provider die  entsprechenden Login-Masken f&uuml;r die Integration in die eigene Web-Applikation.</li>
-    <li><u>SSO Module</u>: Das Single Sign-On (SSO) Modul verwaltet die zus&auml;tzlichen  Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst  im Besonderen das SSO Session-Management.</li>
-    <li><u>Statistic Module</u>: Dieses Modul dient zur Generierung  von anonymisierten Statistikdaten aus den Anmeldeinformationen. </li>
-    <li><u>Monitoring &amp; Testing Module</u>: Dieses Modul implementiert  Methoden mit deren Hilfe einzelne funktionale Bereiche aus MOA-ID-Auth getestet  werden k&ouml;nnen. Somit dient dieses Modul als Schnittstellte zu einem externen  Monitoring-Service.</li>
-    <li><u>Configuration</u><u> Modul</u>: Dieses Modul stellt die Schnittstelle zur  MOA-ID-Auth Konfiguration dar welche in einer Datenbank abgelegt wird. </li>
-    <li><u>Konfigurationstool</u>: Oberfl&auml;che, mit deren  Hilfe MOA-ID konfiguriert werden kann. Dies umfasst sowohl allgemeine  Konfigurationsteile als auch die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Online-Applikationen. Service Provider k&ouml;nnen sich am  Konfigurationstool mittels B&uuml;rgerkarte oder Handy-Signatur anmelden und ihre  Online-Applikationen verwalten.</li>
-  </ol>
-  <h2><a name="allgemeines_service" id="allgemeines_service"></a>1.1 Externe Services</h2>
-<p>F&uuml;r die Anmeldung in Vertretung und die Anmeldung ausl&auml;ndischer Personen werden zus&auml;tzliche externe Services verwendet.</p>
-  <h3><a name="allgemeines_service_ovs" id="allgemeines_service2"></a>1.1.1 Online-Vollmachten</h3>
-<p>Ab der MOA-ID Release 1.5.0 werden Online-Vollmachten (f&uuml;r Anwendungen aus dem &ouml;ffentlichen Bereich) unterst&uuml;tzt. Hierzu werden diese Vollmachten &uuml;ber eine Online-Vollmachten-Service ausgew&auml;hlt. Der Zugang zu diesem Online-Vollmachten Service ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
-  <h3><a name="allgemeines_service_szrgw" id="allgemeines_service3"></a>1.1.2 Ausl&auml;ndische B&uuml;rger</h3>
-  <p> Ab der MOA-ID Release 1.4.7 ist es m&ouml;glich, dass sich auch ausl&auml;ndische B&uuml;rger mittels MOA-ID einloggen k&ouml;nnen. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausl&auml;ndischen B&uuml;rgers eine Eintragung im Erg&auml;nzungsregister f&uuml;r nat&uuml;rliche Personen gem&auml;&szlig; E-Government Gesetz &sect;6(5) vornimmt. Somit ist es m&ouml;glich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. Der Zugang zu diesem Stammzahlenregister-Gateway ist &uuml;ber eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p>
-<h1><a name="moaidauth" id="moaidauth"></a>2 MOA-ID-Auth</h1>
-<p>Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit B&uuml;rgerkartem, Handy-Signatur oder f&uuml;r aus&auml;ndische Personen mittels STORK.</p>
-<p>Die Funktionalit&auml;t und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel Protokolle beschriebe.
-<p>F&uuml;r den Betrieb von MOA-ID-Auth ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.</p>
-<h2><a name="ablauf" id="ablauf"></a> 2.1 Ablauf einer Anmeldung</h2>
-<p>Die nachfolgende Grafik beschreibt den Ablauf eines Abmeldevorgangs an einer Online-Applikation mit Hilfe von MOA-ID-Auth unter Verwendung der B&uuml;rgerkarte oder der Handy-Signatur.</p>
-<p><img src="anmeldeablauf.png" width="947" height="881" alt="Sequenzdiagramm eines Anmeldevorgangs mit MOA-ID-Auth"></p>
-<p>&nbsp;</p>
-<ol>
-  <li>Der Benutzer verbindet sich zu einem Web-Portal (Service Provider) &uuml;ber das die Online-Applikation erreichtbar ist. Nach der Bet&auml;tigung eines Login-Buttons wird der Anmeldevorgang ausgel&ouml;st.</li>
-  <li>Der Benutzer wird zur Identifizierung und Authentifizierung an MOA-ID-Auth weitergeleitet. </li>
-  <li>MOA-ID-Auth validiert die Authentifizierungsanfrage des Service Providers</li>
-  <li>MOA-ID-Auth bietet dem Benutzer eine Auswahl von verf&uuml;gbaren Authentifizierungsmethoden (B&uuml;rgerkarte, Handy-Signatur, STORK) an.</li>
-  <li>Der Benutzer w&auml;hlt die gew&uuml;nschte Authentifizierungsmethode und sendet diese an MOA-ID-Auth.</li>
-  <li>MOA-ID-AUTH erzeugt eine HTML-Seite mit einem &lt;InfoboxReadRequest&gt; zum Auslesen der Personenbindung. Diese HTML-Seite wird an den Browser geschickt.</li>
-  <li>Der Browser schickt den &lt;InfoboxReadRequest&gt; an die ausgew&auml;hlte Bürgerkartenumgebung unter Verwendung des Security-Layer. Die Bürgerkartenumgebung liest die Personenbindung von der B&uuml;rgerkarte und sendet diese an MOA-ID-AUTH. MOA-ID-Auth prüft die Signatur der Personenbindung durch einen Aufruf von MOA-SP.</li>
-  <li>MOA-ID-AUTH erstellt den AUTH-Block. Der AUTH-Block enth&auml;lt     Vor- und Nachname aus der Personenbindung,     URL von MOA-ID-AUTH,     URL und Gesch&auml;ftsbereich der Online-Applikation oder im Falle einer SSO Anmeldung die URL und den Gesch&auml;ftsbereich der MOA-ID-Auth Instanz,     die aktuelle Zeit, das aktuelle Datum und einen Zufallswert f&uuml;r diesen Anmeldevorgang. Anschlie&szlig;end wird eine XML Antwortseite, die das Kommando zum Signieren (&lt;CreateXMLSignatureRequest&gt;) des generierten AUTH-Blocks enth&auml;lt, an die ausgew&auml;hlte Bürgerkartenumgebung, unter Verwendung des Security-Layers, gesendet.</li>
-  <li>Der Request wird von der Bürgerkartenumgebung verarbeitet. Die signierten Daten werden an MOA-ID-AUTH zur&uuml;ckgesendet.</li>
-  <li>MOA-ID-Auth &uuml;berpr&uuml;ft den signierten AUTH-Block und generiert Information f&uuml;r weitere Anmeldungen mittels Single Sign-On.</li>
-  <li>MOA-ID-Auth generiert die Anmeldedaten (Assertion) welche folgende Information enthalten: 
-  	<ul>
-    	<li>die bereichsspezifischen Personenkennzeichen (bPK / wbPK)</li>
-    	<li>Vorname, Nachname und Geburtsdatum (optional)</li>
-    	<li>den signierten AUTH-Block (optional)</li>
-    	<li>die Personenbindung (optional)</li>
-    	<li>das Zertifikat mit dem die Signatur erzeugt wurde (optional)</li>
-    	<li>informationen zum Vertreten im Falle einer Anmeldung in Vertretung (optional)</li>
-    	<li>die elektronische Vollmacht im Falle einer Anmeldung in Vertretung (optional)</li>
-    	<li>informationen aus dem STORK Protokoll im Falle einer Anmeldung mittels STORK (optional)</li>
-    </ul>
-  </li>
-  <li> MOA-ID-Auth sendet die Anmeldedaten an den Service-Provider und setzt im Browser des Benutzers ein SSO Session-Tokken welches f&uuml;r weitere Anmeldevorg&auml;nge verwendet werden kann.</li>
-  <li>Die Anmeldedaten werden vom Service-Provider verarbeitet und der Benutzer wird vom Service-Provider an die Online-Applikation weitergeleitet.  </li>
-</ol>
-<h1><a name="config" id="config"></a>3 MOA-ID-Configuration </h1>
-<p>Das Modul MOA-ID-Configuration stellt eine web-basierte Benutzerschnittstelle zur Konfiguration des Moduls MOA-ID-Auth zur Verf&uuml;gung, wobei sich die Konfiguration in zwei Teilbereiche unterteilt ist. Eine detailierte Aufstellung der einzelnen Konfigurationspunkte befindet sich im Kapitel <a href="../config/config.html">Konfiguration</a>.</p>
-<ol>
-  <li>Allgemeine Konfiguration<br>
-  In diesem Bereich sind alle Basiseinstellungen der MOA-ID-Auth Instanz hinterlegt. Beispiele hierf&uuml;r sind Single Sign-On, unterst&uuml;tze Authentifizierungsprotokolle, Informationen zu MOA-ID-Auth, URLs zu externen Services, ... Eine &Auml;nderung der Basiseinstellung erfordert besondere Benutzerrechte am Konfigurationstool.</li>
-  <li>Online-Applikationen<br>
-  In diesem Abschnitt erfolgt die Konfiguration der einzelnen bei MOA-ID-Auth registrierten Service-Provider. Hierbei handelt es sich um authentifizierungsprotkollspezifische Einstellungen, Bereich des Service-Providers (&ouml;ffentlich / Privatwirtschaftlich), Konfiguration der BKU Auswahl, .... Wobei sich die Konfigurationsm&ouml;glichkeiten je nachdem welche Benutzerrechten vergeben sind, unterscheiden k&ouml;nnen.</li>
-</ol>
-<p>Zus&auml;tzlich unterst&uuml;tzt das Module MOA-ID-Configuration auch eine einfache Bentzerverwaltung mit Rechtevergabe mit deren Hilfe die Verwaltung von Online-Applikatioen an den jeweiligen Service-Provider ausgelagert werden kann. Die Anmeldung am Konfigurationstool erfolgt mittels B&uuml;rgerkarte, Handy-Signature oder STORK, wobei optional auch eine Anmeldung mittels Benutzername und Passwort zur Verf&uuml;gung steht.</p>
-<p>&nbsp;</p>
-</body>
-</html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+    <head>
+        <meta http-equiv="content-type" content="text/html; charset=utf8" >
+        <title>MOA-ID 2.1.x</title>
+        <link rel="stylesheet" href="./common/main.css" type="text/css">
+        <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
+        <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
+        <script language="JavaScript" type="text/javascript">
+        
+            function PVP2LoginIframe(url) {
+                var el = document.getElementById("demologin");
+                var iframe = document.createElement("iframe");
+                iframe.setAttribute("src", url);
+                iframe.setAttribute("width", "240");
+                iframe.setAttribute("height", "180");
+                iframe.setAttribute("frameborder", "0");
+                iframe.setAttribute("scrolling", "no");
+                iframe.setAttribute("title", "Login");
+                //iframe.setAttribute("scrolling", "yes");
+            
+                iframe.setAttribute("name", "iframelogin");
+                iframe.setAttribute("id", "iframelogin");
+                
+                
+                iframe.setAttribute("onload","iframeLoaded()");
+                
+                var divdemologin = document.getElementById("demologin");
+                divdemologin.innerHTML="";
+
+                el.appendChild(iframe, el); 
+            }
+            
+            function iframeLoaded(){
+                //console.log(document.title); 
+                var ifr=document.getElementById("iframelogin");
+
+                //only works on same origin
+                
+                /*
+                var iframedoc=(ifr.contentWindow||ifr.contentDocument);
+                
+                //var iframedoc=ifr.contentDocument||iframe.contentWindow.document;
+                console.log(iframedoc.title);
+                if(iframedoc.title=="Demo Applikation"){
+                    ifr.setAttribute("width",480);
+                    ifr.setAttribute("height",240);
+                    
+                    var demologin=document.getElementById("demologin");
+                    demologin.style.marginRight="250px";
+                }
+                */
+            }
+
+        </script>
+    </head>
+    <body>
+  <div id="headline">
+      <div class="container">
+          <a href="http://www.digitales.oesterreich.gv.at/"><img src="./common/logo_digAT.png"/></a>
+          <a href="../index.html"><h1>MOA-ID-AUTH </h1></a>
+          <br/>
+      </div>
+  </div>
+        <div id="description" class="container">
+            <p>Bei MOA-ID-AUTH handelt es sich um ein Modul für die Identifizierung und Authentifizierung bei Onlineapplikationen unter Verwendung der Bürgerkarte.
+            Hier kann sowohl die Smartcard-Variante (e-Card) als auch die Handysignatur verwendet werden.
+            Die Konfiguration des Modules MOA-ID-Auth erfolgt mit Hilfe des Zusatzmodules MOA-ID-Configuration welches eine web-basierte Konfigurationsschnittstelle zur Verfügung stellt.</p>
+        </div>
+        <div id="maincontent" class="container">
+            <nav>
+                <ul>
+                    <!--li><a href="_index.html">Allgemein</a></li-->
+                    <!--li><a href="http://joinup.ec.europa.eu/site/moa-idspss/">Dokumentation</a></li-->
+                    <li><a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-2.0.0/doc/handbook">Dokumentation</a></li>
+                    <!--Link zu den Demo-Clients-->
+                    <li><a href=#>Demo Clients</a></li>
+                    <!--Link zum Konfigtool-->
+                    <li><a href="https://localhost:8443/moa-id-configuration">Konfiguration GUI</a></li>
+                	
+                </ul>
+            </nav>
+        <div id="demologin" class="container">
+            <br/>
+            <a href="#" id="loginButton" class="button" onclick="PVP2LoginIframe('https://menja.iaik.tugraz.at:8443/moa-id-oa/servlet/pvp2login')">Login</a>
+            <p id="loginText">Über den Login-Button können Sie sich anschließend bei Ihrer Online-Applikation mit der Bürgerkarte oder der Handysignatur anmelden. Dazu müssen Sie allerdings zuvor die Applikation gemäß <a href="http://joinup.ec.europa.eu/site/moa-idspss/moa-id-2.0.0/doc/handbook/application/application.html#DemoApp_pvp21">Beschreibung</a> konfigurieren.</p>
+        </div>
+        </div>
+
+    </body>
+</html>
\ No newline at end of file
diff --git a/id/server/doc/handbook/common/LogoBKA.png b/id/server/doc/handbook/common/LogoBKA.png
deleted file mode 100644
index 6a92647fd..000000000
Binary files a/id/server/doc/handbook/common/LogoBKA.png and /dev/null differ
-- 
cgit v1.2.3


From e6e2bbf9a6e4df5e714ab10babae013317bf8422 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 16 Jan 2015 15:11:48 +0100
Subject: Add dti-process-engine support.

---
 id/server/auth/pom.xml                             | 10 ++++++++
 .../src/main/webapp/WEB-INF/applicationContext.xml | 29 ++++++++++++++++++++++
 id/server/idserverlib/pom.xml                      | 10 ++++++++
 .../moa/id/auth/servlet/AuthServlet.java           |  4 ++-
 .../processes/DefaultAuthentication.process.xml    | 15 +++++++++++
 pom.xml                                            | 10 ++++++++
 6 files changed, 77 insertions(+), 1 deletion(-)
 create mode 100644 id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
 create mode 100644 id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 7db6ce648..529737820 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -188,6 +188,16 @@
 			<scope>provided</scope>
 		</dependency>
 
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-webmvc</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-logging</groupId>
+					<artifactId>commons-logging</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jcl-over-slf4j</artifactId>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
new file mode 100644
index 000000000..b340133c7
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:task="http://www.springframework.org/schema/task"
+	xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-4.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
+		<property name="transitionConditionExpressionEvaluator">
+			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+		</property>
+		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
+		<property name="processDefinitions">
+			<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionsFactoryBean">
+				<property name="resources" value="classpath:resources/processes/*.process.xml" />
+			</bean>
+		</property>
+	</bean>
+	
+	<task:scheduler id="taskScheduler" pool-size="1" />
+	<task:scheduled-tasks scheduler="taskScheduler">
+		<task:scheduled ref="processEngine" method="cleanup" fixed-delay="60000" />
+	</task:scheduled-tasks>
+
+</beans>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index fc48d87ac..ba06ce142 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -15,6 +15,7 @@
 
 	<properties>
 		<repositoryPath>${basedir}/../../../repository</repositoryPath>
+		<com.datentechnik.process-engine.version>0.0.1-SNAPSHOT</com.datentechnik.process-engine.version>
 	</properties>
 
 	<repositories>
@@ -147,11 +148,13 @@
 			<groupId>javax.mail</groupId>
 			<artifactId>mail</artifactId>
 		</dependency>
+		<!--
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>servlet-api</artifactId>
 			<scope>provided</scope>
 		</dependency>
+		-->
 		
         <dependency>
             <groupId>xalan-bin-dist</groupId>
@@ -396,6 +399,13 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
+
+		<dependency>
+			<groupId>com.datentechnik.process-engine</groupId>
+			<artifactId>dti-process-engine-spring-web</artifactId>
+			<version>${com.datentechnik.process-engine.version}</version>
+		</dependency>
+
 	</dependencies>
 
 	<build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index e5b2c598c..eb480e37c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -67,6 +67,8 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
 
+import com.datentechnik.process_engine.springweb.AbstractAuthSourceServlet;
+
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
@@ -88,7 +90,7 @@ import at.gv.egovernment.moa.util.URLDecoder;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthConstants {
 
 	/**
 	 * 
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
new file mode 100644
index 000000000..a2b25e24e
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+
+	<pd:StartEvent id="start" />
+
+	<pd:Transition from="start" to="end" />
+
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/pom.xml b/pom.xml
index c5973a4ab..9a77ada22 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,6 +27,9 @@
 		<moa-spss-version>2.0.4-SNAPSHOT</moa-spss-version>
 		<configtool-version>1.1.5-SNAPSHOT</configtool-version>
 		<demo-oa-version>2.0.3-SNAPSHOT</demo-oa-version>
+		
+		<org.springframework.version>4.1.4.RELEASE</org.springframework.version>
+
     </properties>
 
     <profiles>
@@ -545,6 +548,13 @@
                 <version>2.7.2</version><!-- xalan version -->
                 <scope>runtime</scope>
             </dependency>
+            
+			<dependency>
+				<groupId>org.springframework</groupId>
+				<artifactId>spring-webmvc</artifactId>
+				<version>${org.springframework.version}</version>
+			</dependency>
+			
         </dependencies>
     </dependencyManagement>
 
-- 
cgit v1.2.3


From a1bb34634bf4f30fc565109358eb51bd1111dc21 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Wed, 21 Jan 2015 08:50:58 +0100
Subject: Add "DefaultAuthentication" process (AT, no mandates, no stork)
 (MOAID-59).

- Fix oa web.xml, switch to servlet 3.0.
- moa-id-auth web.xml
-- Add CharacterEncodingFilter for UTF-8 encoding.
-- Add ProcessEngineSignalServlet.
- Fix invalid template_*.html.
- Add TODO[branch] annotations in order to indicates potential process flow branches.
- Add some missing Javadoc.
- Add property processInstandId to AuthenticationSession.
- Add process engine support.
- Fix HttpServlet init issues.
- Set VerifyAuthenticationBlockServlet and VerifyIdentityLinkServlet deprecated.
---
 id/oa/src/main/webapp/WEB-INF/web.xml              |   4 +-
 .../src/main/webapp/WEB-INF/applicationContext.xml |   2 +
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  30 ++
 .../auth/src/main/webapp/template_handyBKU.html    |   2 +-
 .../auth/src/main/webapp/template_localBKU.html    |   2 +-
 .../auth/src/main/webapp/template_onlineBKU.html   |   2 +-
 .../moa/id/auth/AuthenticationServer.java          |   5 +
 .../auth/builder/StartAuthenticationBuilder.java   |  11 +
 .../moa/id/auth/data/AuthenticationSession.java    |  20 +-
 .../moa/id/auth/servlet/AuthServlet.java           |  43 ++-
 .../servlet/GenerateIFrameTemplateServlet.java     |  60 ++-
 .../auth/servlet/ProcessEngineSignalServlet.java   |  60 +++
 .../servlet/VerifyAuthenticationBlockServlet.java  |   8 +
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   6 +
 .../moa/id/auth/tasks/AbstractAuthServletTask.java | 402 +++++++++++++++++++++
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  |  85 +++++
 .../auth/tasks/VerifyAuthenticationBlockTask.java  | 255 +++++++++++++
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  | 203 +++++++++++
 .../moa/id/moduls/AuthenticationManager.java       | 177 ++++-----
 .../processes/DefaultAuthentication.process.xml    |  12 +-
 .../resources/properties/id_messages_de.properties |   4 +-
 id/server/stork2-commons/.gitignore                |   1 +
 22 files changed, 1265 insertions(+), 129 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java

(limited to 'id/server/auth/src')

diff --git a/id/oa/src/main/webapp/WEB-INF/web.xml b/id/oa/src/main/webapp/WEB-INF/web.xml
index d40f156cd..a42985c95 100644
--- a/id/oa/src/main/webapp/WEB-INF/web.xml
+++ b/id/oa/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
+<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-
-<web-app>
   <display-name>Sample OA</display-name>
   <description>MOA PVP2.1 Sample OA</description>
   
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index b340133c7..0f9f05baa 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -25,5 +25,7 @@
 	<task:scheduled-tasks scheduler="taskScheduler">
 		<task:scheduled ref="processEngine" method="cleanup" fixed-delay="60000" />
 	</task:scheduled-tasks>
+	
+	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
 
 </beans>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index fb3888a3e..477cce57b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -10,6 +10,23 @@
 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 	</listener>
 
+	<filter>
+		<filter-name>characterEncodingFilter</filter-name>
+		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+		<init-param>
+			<param-name>encoding</param-name>
+			<param-value>UTF-8</param-value>
+		</init-param>
+		<init-param>
+			<param-name>forceEncoding</param-name>
+			<param-value>true</param-value>
+		</init-param>
+	</filter>
+	<filter-mapping>
+		<filter-name>characterEncodingFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 	<!-- exposes request and response to the current thread -->
 	<filter>
 		<filter-name>requestContextFilter</filter-name>
@@ -20,6 +37,7 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 
+
 <!-- 	<servlet>
 		<servlet-name>SelectBKU</servlet-name>
 		<display-name>SelectBKU</display-name>
@@ -153,6 +171,12 @@
 		<servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
 	</servlet>
 
+	<servlet>
+		<description>Resumes a suspended process engine task.</description>
+		<display-name>ProcessEngineSignal</display-name>
+		<servlet-name>ProcessEngineSignal</servlet-name>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
+	</servlet>
 
 
 
@@ -207,7 +231,10 @@
 		<url-pattern>/idpSingleLogout</url-pattern>
 	</servlet-mapping>	
 	<servlet-mapping>
+		<!--
 		<servlet-name>VerifyIdentityLink</servlet-name>
+		-->
+		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
 	<servlet-mapping>
@@ -229,7 +256,10 @@
 	</servlet-mapping> -->
 	
 	<servlet-mapping>
+		<!--
 		<servlet-name>VerifyAuthBlock</servlet-name>
+		-->
+		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 	</servlet-mapping>
 <!-- 	<servlet-mapping>
diff --git a/id/server/auth/src/main/webapp/template_handyBKU.html b/id/server/auth/src/main/webapp/template_handyBKU.html
index 91f7fad6f..6c3dc563c 100644
--- a/id/server/auth/src/main/webapp/template_handyBKU.html
+++ b/id/server/auth/src/main/webapp/template_handyBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">		 
-      <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+      <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
      		<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index 88fad25ae..0ec8e52c2 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">	   
-		<form target=<REDIRECTTARGET> name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+		<form target=<REDIRECTTARGET> name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: 
      		<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html
index 534d3dc55..39d7bb8e1 100644
--- a/id/server/auth/src/main/webapp/template_onlineBKU.html
+++ b/id/server/auth/src/main/webapp/template_onlineBKU.html
@@ -11,7 +11,7 @@
 		</script>
 	</head>
 	<body onLoad="onAnmeldeSubmit()">	 
-		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+		<form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data">
 			Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier: 
 		    <input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
 			<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a33c4fdf4..0b4b6b4af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1790,6 +1790,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 					"application/xhtml+xml", moasession.getCcc()));
 			newAttribute.setValue(value);
 			attributeList.add(newAttribute);
+			
+			// TODO[branch]: STORK AuthReq CPEPS acsURL "/PEPSConnector"
 		}
 		else//Process SignRequest locally with MOCCA
 		{
@@ -1805,6 +1807,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			moasession.setSignedDoc(signedDoc);
 
 			acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+			// TODO[branch]: STORK AuthReq acsURL "/PEPSConnectorWithLocalSigning"
 			try {
 				AuthenticationSessionStoreage.storeSession(moasession);
 			} catch (MOADatabaseException e) {
@@ -1897,6 +1900,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			StringWriter writer = new StringWriter();
 			template.merge(context, writer);
 
+			// TODO[branch]: SAML2 Form Submit to CPEPS, response to acsURL Servlet
+			
 			resp.setContentType("text/html;charset=UTF-8");            
 			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index 484fe1f9e..a92d3f678 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -47,6 +47,16 @@ public class StartAuthenticationBuilder {
 	}
 	
 	
+	/**
+	 * Depending on the selected citizen's country ({@code moasession.ccc}):
+	 * <ul>
+	 * <li><strong>Either</strong> creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card
+	 * environment for reading the subject's IdentityLink</li>
+	 * <li><strong>or</strong> creates a STORK auth request and redirects to a CPEPS.</li>
+	 * </ul>
+	 * 
+	 * @return The "IdentityLinkForm" or an empty String in case of STORK.
+	 */
 	public String build(AuthenticationSession moasession, HttpServletRequest req,
 			HttpServletResponse resp) throws WrongParametersException, MOAIDException {
 		
@@ -58,6 +68,7 @@ public class StartAuthenticationBuilder {
 	    
 	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
 	    // STORK or normal authentication
+	    // TODO[branch]: STORK
 	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
 	    	//STORK authentication
 	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 26c22fb4a..76bf93249 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -304,6 +304,8 @@ public class AuthenticationSession implements Serializable {
 	private String authnContextClassRef;
 	// private String requestedProtocolURL = null;
 	
+	private String processInstanceId;
+	
 	public String getAuthnContextClassRef() {
 		return authnContextClassRef;
 	}
@@ -1110,6 +1112,22 @@ public class AuthenticationSession implements Serializable {
 	 */
 	public Date getSessionCreated() {
 		return sessionCreated;
-	}	
+	}
+
+	/**
+	 * Returns the identifier of the process instance associated with this moaid session.
+	 * @return The process instance id (may be {@code null} if no process has been created yet).
+	 */
+	public String getProcessInstanceId() {
+		return processInstanceId;
+	}
+
+	/**
+	 * Sets the process instance identifier in order to associate a certain process instance with this moaid session. 
+	 * @param processInstanceId The process instance id.
+	 */
+	public void setProcessInstanceId(String processInstanceId) {
+		this.processInstanceId = processInstanceId;
+	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index eb480e37c..404dc68af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -66,8 +66,11 @@ import org.apache.commons.fileupload.FileItemFactory;
 import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
-
-import com.datentechnik.process_engine.springweb.AbstractAuthSourceServlet;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
 
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
@@ -83,6 +86,8 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moa.util.URLDecoder;
 
+import com.datentechnik.process_engine.ProcessEngine;
+
 /**
  * Base class for MOA-ID Auth Servlets, providing standard error handling and
  * constant names.
@@ -90,7 +95,7 @@ import at.gv.egovernment.moa.util.URLDecoder;
  * @author Paul Ivancsics
  * @version $Id$
  */
-public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthConstants {
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
 
 	/**
 	 * 
@@ -99,6 +104,11 @@ public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthC
 
 	protected static final String ERROR_CODE_PARAM = "errorid";
 	
+	/**
+	 * The process engine.
+	 */
+	private ProcessEngine processEngine;
+	
 	@Override
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
@@ -456,4 +466,31 @@ public class AuthServlet extends AbstractAuthSourceServlet implements MOAIDAuthC
 
 	}
 
+
+	/**
+	 * Returns the underlying process engine instance.
+	 * 
+	 * @return The process engine (never {@code null}).
+	 * @throws NoSuchBeanDefinitionException
+	 *             if no {@link ProcessEngine} bean was found.
+	 * @throws NoUniqueBeanDefinitionException
+	 *             if more than one {@link ProcessEngine} bean was found.
+	 * @throws BeansException
+	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+	 * @throws IllegalStateException
+	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+	 *             Spring web environment.
+	 */
+	public synchronized ProcessEngine getProcessEngine() {
+		if (processEngine == null) {
+			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
+			if (ctx == null) {
+				throw new IllegalStateException(
+						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
+			}
+			processEngine = ctx.getBean(ProcessEngine.class);
+		}
+		return processEngine;
+	}
+	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 2ef8ab5ec..430936e97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -23,18 +23,14 @@
 package at.gv.egovernment.moa.id.auth.servlet;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.List;
 
-import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringEscapeUtils;
 
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -46,29 +42,16 @@ import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.FileUtils;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.ProcessInstance;
 
 public class GenerateIFrameTemplateServlet extends AuthServlet {
 
 	private static final long serialVersionUID = 1L;
 
-	public void init(ServletConfig servletConfig) throws ServletException {
-//		    try {
-//		      super.init(servletConfig);
-//		      MOAIDAuthInitializer.initialize();
-//		      Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
-//		      Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
-//		    }
-//		    catch (Exception ex) {
-//		      Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
-//		      throw new ServletException(ex);
-//		    }
-	}
-	  
 	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
 		Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request");
@@ -95,7 +78,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 			
 	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
 	    	    
-	    	    AuthenticationSessionStoreage.changeSessionID(moasession);
+//	    	    AuthenticationSessionStoreage.changeSessionID(moasession);
 			
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
@@ -162,26 +145,28 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 		    											   req);
 			}
 			
-		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();			
-		    String getIdentityLinkForm = startauth.build(moasession, req, resp);
-			
-			//store MOASession
+			// select and create process instance
+			// TODO[MOAID-49]: Automatically selection of process
+	    	ProcessInstance pi = getProcessEngine().createProcessInstance("DefaultAuthentication");
+	    	// keep process instance id in moa session
+	    	moasession.setProcessInstanceId(pi.getId());
+	    	// set execution context
+	    	pi.getExecutionContext().put("ccc", moasession.getCcc());
+	    	pi.getExecutionContext().put("useMandate", moasession.getUseMandate());
+	    	pi.getExecutionContext().put("bkuURL", moasession.getBkuURL());
+
+			// make sure moa session has been persisted before running the process
 			try {
 				AuthenticationSessionStoreage.storeSession(moasession);
-				
 			} catch (MOADatabaseException e) {
 				Logger.error("Database Error! MOASession is not stored!");
 				throw new MOAIDException("init.04", new Object[] {
 						moasession.getSessionID()});
 			}
-		    
-		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-		    	resp.setContentType("text/html;charset=UTF-8");
-		    	PrintWriter out = new PrintWriter(resp.getOutputStream());
-		    	out.print(getIdentityLinkForm);
-		    	out.flush();
-		    	Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class);
-		    }
+	    	
+	    	// start process
+	    	getProcessEngine().start(pi);
+
 	    } 
 	    catch (WrongParametersException ex) {
 	    	handleWrongParameters(ex, req, resp);
@@ -199,4 +184,13 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 	    	ConfigurationDBUtils.closeSession();
 	    }
 	}
+
+	
+	
+	
+	
+	
+	
+	
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
new file mode 100644
index 000000000..1ea8631c6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+
+import com.datentechnik.process_engine.ProcessInstance;
+
+public class ProcessEngineSignalServlet extends AuthServlet {
+
+	private static final long serialVersionUID = 1L;
+
+	@Override
+	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+
+		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+		try {
+
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");
+			}
+
+			// retrieve moa session
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// process instance is mandatory
+			if (session.getProcessInstanceId() == null) {
+				throw new IllegalStateException("MOA session does not provide process instance id.");
+			}
+			
+			// wake up next task
+			ProcessInstance pi = getProcessEngine().getProcessInstance(session.getProcessInstanceId());
+			getProcessEngine().signal(pi);
+
+		} catch (Exception ex) {
+			handleError(null, ex, req, resp, null);
+		} finally {
+			MOASessionDBUtils.closeSession();
+		}
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index e7fa9cbd7..dc350bfb7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -71,6 +71,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -92,6 +93,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
  * 
  * @author Paul Ivancsics
  * @version $Id$
+ * @deprecated Use {@link VerifyAuthenticationBlockTask} instead.
  */
 public class VerifyAuthenticationBlockServlet extends AuthServlet {
 	
@@ -151,6 +153,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
 		Logger.debug("POST VerifyAuthenticationBlock");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
@@ -158,6 +163,9 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
 		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
+		if (System.currentTimeMillis() > 0) {
+			throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+		}
 		String pendingRequestID = null;
 		  
     Map<String, String> parameters;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 3b503f07b..3fcdfe150 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -82,6 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
  *
  * @author Paul Ivancsics
  * @version $Id$
+ * @deprecated Use {@link VerifyIdentityLinkTask} instead.
  */
 public class VerifyIdentityLinkServlet extends AuthServlet {
 
@@ -134,6 +136,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
+	  
 		Logger.debug("POST VerifyIdentityLink");
 		  
     Map<String, String> parameters;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
new file mode 100644
index 000000000..d43e8cf68
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -0,0 +1,402 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang3.ArrayUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
+
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask implements MOAIDAuthConstants {
+
+	protected static final String ERROR_CODE_PARAM = "errorid";
+
+	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+		
+		
+		StatisticLogger logger = StatisticLogger.getInstance();
+		logger.logErrorOperation(exceptionThrown);
+		
+		
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+
+			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+	
+	/**
+	 * Handles an error. <br>>
+	 * <ul>
+	 * <li>Logs the error</li>
+	 * <li>Places error message and exception thrown into the request as request
+	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+	 * <li>Sets HTTP status 500 (internal server error)</li>
+	 * </ul>
+	 * 
+	 * @param errorMessage
+	 *            error message
+	 * @param exceptionThrown
+	 *            exception thrown
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleError(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+
+		if (!(exceptionThrown instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+			
+		}
+		
+		IExceptionStore store = DBExceptionStoreImpl.getStore();
+		String id = store.storeException(exceptionThrown);
+
+		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+		
+			String redirectURL = null;
+
+			redirectURL = ServletUtils.getBaseUrl(req);
+			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+		
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+	
+			resp.addHeader("Location", redirectURL);		
+			Logger.debug("REDIRECT TO: " + redirectURL);	
+		
+			return;
+			
+		} else {
+			
+			//Exception can not be stored in database
+			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+		}
+	}
+
+	/**
+	 * Handles a <code>WrongParametersException</code>.
+	 * 
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleWrongParameters(WrongParametersException ex,
+			HttpServletRequest req, HttpServletResponse resp) {
+		Logger.error(ex.toString());
+		req.setAttribute("WrongParameters", ex.getMessage());
+
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+
+	/**
+	 * Logs all servlet parameters for debugging purposes.
+	 */
+	protected void logParameters(HttpServletRequest req) {
+		for (Enumeration params = req.getParameterNames(); params
+				.hasMoreElements();) {
+			String parname = (String) params.nextElement();
+			Logger.debug("Parameter " + parname + req.getParameter(parname));
+		}
+	}
+
+	/**
+	 * Parses the request input stream for parameters, assuming parameters are
+	 * encoded UTF-8 (no standard exists how browsers should encode them).
+	 * 
+	 * @param req
+	 *            servlet request
+	 * 
+	 * @return mapping parameter name -> value
+	 * 
+	 * @throws IOException
+	 *             if parsing request parameters fails.
+	 * 
+	 * @throws FileUploadException
+	 *             if parsing request parameters fails.
+	 */
+	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
+			FileUploadException {
+
+		Map<String, String> parameters = new HashMap<String, String>();
+
+		if (ServletFileUpload.isMultipartContent(req)) {
+			// request is encoded as mulitpart/form-data
+			FileItemFactory factory = new DiskFileItemFactory();
+			ServletFileUpload upload = null;
+			upload = new ServletFileUpload(factory);
+			List items = null;
+			items = upload.parseRequest(req);
+			for (int i = 0; i < items.size(); i++) {
+				FileItem item = (FileItem) items.get(i);
+				if (item.isFormField()) {
+					// Process only form fields - no file upload items
+					String logString = item.getString("UTF-8");
+
+					// TODO use RegExp
+					String startS = "<pr:Identification><pr:Value>";
+					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+					String logWithMaskedBaseid = logString;
+					int start = logString.indexOf(startS);
+					if (start > -1) {
+						int end = logString.indexOf(endS);
+						if (end > -1) {
+							logWithMaskedBaseid = logString.substring(0, start);
+							logWithMaskedBaseid += startS;
+							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+							logWithMaskedBaseid += logString.substring(end,
+									logString.length());
+						}
+					}
+					parameters
+							.put(item.getFieldName(), item.getString("UTF-8"));
+					Logger.debug("Processed multipart/form-data request parameter: \nName: "
+							+ item.getFieldName()
+							+ "\nValue: "
+							+ logWithMaskedBaseid);
+				}
+			}
+		}
+
+		else {
+			// request is encoded as application/x-www-urlencoded
+			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
+			
+			/*
+			InputStream in = req.getInputStream();
+
+			String paramName;
+			String paramValueURLEncoded;
+			do {
+				paramName = new String(readBytesUpTo(in, '='));
+				if (paramName.length() > 0) {
+					paramValueURLEncoded = readBytesUpTo(in, '&');
+					String paramValue = URLDecoder.decode(paramValueURLEncoded,
+							"UTF-8");
+					parameters.put(paramName, paramValue);
+				}
+			} while (paramName.length() > 0);
+			in.close();
+			*/
+			
+			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
+			while (requestParamIt.hasNext()) {
+				Entry<String, String[]> entry = requestParamIt.next();
+				String key = entry.getKey();
+				String[] values = entry.getValue();
+				// take the last value from the value array since the legacy code above also does it this way
+				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
+			}
+			
+		}
+
+		return parameters;
+	}
+
+	/**
+	 * Reads bytes up to a delimiter, consuming the delimiter.
+	 * 
+	 * @param in
+	 *            input stream
+	 * @param delimiter
+	 *            delimiter character
+	 * @return String constructed from the read bytes
+	 * @throws IOException
+	 */
+	protected String readBytesUpTo(InputStream in, char delimiter)
+			throws IOException {
+		ByteArrayOutputStream bout = new ByteArrayOutputStream();
+		boolean done = false;
+		int b;
+		while (!done && (b = in.read()) >= 0) {
+			if (b == delimiter)
+				done = true;
+			else
+				bout.write(b);
+		}
+		return bout.toString();
+	}
+
+
+	
+//	public void contextDestroyed(ServletContextEvent arg0) {
+//		Security.removeProvider((new IAIK()).getName());
+//		Security.removeProvider((new ECCProvider()).getName());
+//	}
+	
+	/**
+	 * Set response headers to avoid caching
+	 * 
+	 * @param request
+	 *            HttpServletRequest
+	 * @param response
+	 *            HttpServletResponse
+	 */
+	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
+			HttpServletResponse response) {
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
+				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
+				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
+				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+	}
+
+	/**
+	 * Adds a parameter to a URL.
+	 * 
+	 * @param url
+	 *            the URL
+	 * @param paramname
+	 *            parameter name
+	 * @param paramvalue
+	 *            parameter value
+	 * @return the URL with parameter added
+	 */
+	protected static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
+
+	/**
+	 * Checks if HTTP requests are allowed
+	 * 
+	 * @param authURL
+	 *            requestURL
+	 * @throws AuthenticationException
+	 *             if HTTP requests are not allowed
+	 * @throws ConfigurationException
+	 */
+	protected void checkIfHTTPisAllowed(String authURL)
+			throws AuthenticationException, ConfigurationException {
+		// check if HTTP Connection may be allowed (through
+		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+		
+		//Removed from MOA-ID 2.0 config
+//		String boolStr = AuthConfigurationProvider
+//				.getInstance()
+//				.getGenericConfigurationParameter(
+//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		if ((!authURL.startsWith("https:"))
+				//&& (false == BoolUtils.valueOf(boolStr))
+				)
+			throw new AuthenticationException("auth.07", new Object[] { authURL
+					+ "*" });
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
new file mode 100644
index 000000000..4c87bb689
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
@@ -0,0 +1,85 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
+		AuthenticationSession moasession = null;
+		try {
+			
+			if (MiscUtil.isEmpty(moasessionid)) {
+				Logger.warn("MOASessionID is empty.");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+			
+			try {
+			
+				pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+				AuthenticationSessionStoreage.changeSessionID(moasession);
+				executionContext.remove(PARAM_SESSIONID);
+			
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { moasessionid });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+
+			StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+			String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+				resp.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(resp.getOutputStream());
+				out.print(getIdentityLinkForm);
+				out.flush();
+				Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class);
+			}
+			
+		} catch (WrongParametersException ex) {
+			handleWrongParameters(ex, req, resp);
+		}
+
+		catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
+
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
new file mode 100644
index 000000000..ff1bc8cd1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
@@ -0,0 +1,255 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
+
+	  /**
+	   * Verifies the signed authentication block and redirects the browser
+	   * to the online application requested, adding a parameter needed for
+	   * retrieving the authentication data.
+	   * <br>
+	   * Request parameters:
+	   * <ul>
+	   * <li>MOASessionID: ID of associated authentication session</li>
+	   * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+	   * </ul>
+	   * Response:
+	   * <ul>
+	   * <li>Status: <code>302</code></li>
+	   * <li>Header <code>"Location"</code>: URL of the online application requested, with
+	   * 						parameters <code>"Target"</code>(only if the online application is
+	   *            a public service) and <code>"SAMLArtifact"</code> added</li>
+	   * <li>Error status: <code>500</code>
+	   * </ul>
+	   * @see AuthenticationServer#verifyAuthenticationBlock
+	   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+	   */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
+		
+		Logger.debug("POST VerifyAuthenticationBlock");
+		
+		String pendingRequestID = null;		
+		
+	    Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	      
+	    }
+			String sessionID = req.getParameter(PARAM_SESSIONID);
+			String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+			// escape parameter strings
+			sessionID = StringEscapeUtils.escapeHtml(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		   		
+			String redirectURL = null;
+			try {
+	         // check parameter
+	         if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+	         if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
+
+				AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+				//change MOASessionID
+			    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+				
+				String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+				
+
+				
+				if (samlArtifactBase64 == null) { 
+					//mandate Mode
+				
+					  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+						ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+						SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+						
+						// get identitity link as byte[]
+						Element elem = session.getIdentityLink().getSamlAssertion();
+						String s = DOMUtils.serializeNode(elem);
+						
+						//System.out.println("IDL: " + s);
+						
+						byte[] idl = s.getBytes("UTF-8");
+						
+						// redirect url
+						// build redirect(to the GetMISSessionIdSerlvet)
+						
+						//change MOASessionID before MIS request
+						String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+						
+				        redirectURL =
+				              new DataURLBuilder().buildDataURL(
+				                session.getAuthURL(),
+				                GET_MIS_SESSIONID,
+				                newMOASessionID);
+						
+				        String oaURL = session.getOAURLRequested();
+				        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+				        List<String> profiles = oaParam.getMandateProfiles();
+
+				        if (profiles == null) {
+				      	  Logger.error("No Mandate/Profile for OA configured.");
+				      	  throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
+				        }
+				        
+//				        String profilesArray[] = profiles.split(",");  	 		 
+//				        for(int i = 0; i < profilesArray.length; i++) {
+//				      	  profilesArray[i] = profilesArray[i].trim();
+//				        }
+				        
+				        String oaFriendlyName = oaParam.getFriendlyName();
+				        String mandateReferenceValue = session.getMandateReferenceValue();
+				        byte[] cert = session.getEncodedSignerCertificate();
+				        byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
+				        
+				        //TODO: check in case of SSO!!!
+				        String targetType = null;  
+				        if(oaParam.getBusinessService()) {
+				        	String id = oaParam.getIdentityLinkDomainIdentifier();
+				        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				        		targetType = id;
+				        	else
+				        		targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+				        	
+				        } else {
+				        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+				        }
+				        
+				        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+				        		connectionParameters.getUrl(), 
+				        		idl, 
+				        		cert, 
+				        		oaFriendlyName, 
+				        		redirectURL, 
+				        		mandateReferenceValue, 
+				        		profiles, 
+				        		targetType,
+				        		authBlock,
+				        		sslFactory);
+				        
+				        if (misSessionID == null) {
+				      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+				      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+				        }
+				        
+				        String redirectMISGUI = misSessionID.getRedirectURL();
+				        session.setMISSessionID(misSessionID.getSessiondId());
+					
+						try {
+							AuthenticationSessionStoreage.storeSession(session);
+						} catch (MOADatabaseException e) {
+							throw new MOAIDException("Session store error", null);
+						}
+				        
+						// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+						
+				        resp.setStatus(302);
+				    	  resp.addHeader("Location", redirectMISGUI);
+				    	  Logger.debug("REDIRECT TO: " + redirectURL);
+				}
+				else {
+					if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+						/*redirectURL = session.getOAURLRequested();
+						if (!session.getBusinessService()) {
+							redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+		          
+						}
+						redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+						redirectURL = resp.encodeRedirectURL(redirectURL);*/
+						
+						// TODO[branch]: Final step back to /dispatcher
+					
+						redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
+								ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64);
+						
+					} else {
+						// TODO[tlenz]: Should not be needed any more (respective code in AuthenticationServer has been disabled)
+						redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+					}
+							
+					resp.setContentType("text/html");
+					resp.setStatus(302);
+				
+					resp.addHeader("Location", redirectURL);		
+					Logger.debug("REDIRECT TO: " + redirectURL);				
+					
+				}
+				
+			}
+	    
+			catch (MOAIDException ex) {
+				handleError(null, ex, req, resp, pendingRequestID);
+				
+			} catch (GeneralSecurityException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (PKIException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (TransformerException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+		    } catch (Exception e) {
+		    	Logger.error("AuthBlockValidation has an interal Error.", e);
+		    }
+		       
+			
+		    finally {
+		    	ConfigurationDBUtils.closeSession();
+		    }		
+		
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
new file mode 100644
index 000000000..ec12643ec
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -0,0 +1,203 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
+
+	/**
+	 * Verifies the identity link and responds with a new 
+	 * <code>CreateXMLSignatureRequest</code> or a new <code>
+	 * InfoboxReadRequest</code> (in case of a foreign eID card).
+	 * <br>
+	 * Request parameters:
+	 * <ul>
+	 * <li>MOASessionID: ID of associated authentication session</li>
+	 * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+	 * </ul>
+	 * Response:
+	 * <ul>
+	 * <li>Content type: <code>"text/xml"</code></li>
+	 * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+	 * <li>Error status: <code>500</code>
+	 * </ul>
+	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
+
+			Logger.debug("POST VerifyIdentityLink");
+			  
+	    Map<String, String> parameters;
+	    String pendingRequestID = null;
+	    
+	    try 
+	    {
+	      parameters = getParameters(req);
+	      
+	    } catch (Exception e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	    }
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	           
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+	    
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+	    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+
+		
+	    try {
+	    // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+	       
+	       
+	       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+	       
+	       //change MOASessionID
+	       sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+	    	  
+	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
+
+	    	Logger.debug(createXMLSignatureRequestOrRedirect);
+	    	
+	    	    	
+	    	if (createXMLSignatureRequestOrRedirect == null) {
+	    	   // no identity link found
+
+	    		boolean useMandate = session.getUseMandate();
+	    		if (useMandate) {
+	    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+	    			throw new AuthenticationException("auth.13", null);
+	    		}
+	    		// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+	    		
+	    		try {
+	    		
+	    		   Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+	    		   
+	    		   // create the InfoboxReadRequest to get the certificate
+	    		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+	    		   // build dataurl (to the VerifyCertificateSerlvet)
+	          String dataurl =
+	                new DataURLBuilder().buildDataURL(
+	                  session.getAuthURL(),
+	                  REQ_VERIFY_CERTIFICATE,
+	                  session.getSessionID());
+	          
+	          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	          
+	    	    	
+	    	    }
+	    	    catch(Exception e) {
+	    	    	handleError(null, e, req, resp, pendingRequestID);
+	    	    }
+	    	    
+	    	}
+	    	else {
+	    		boolean useMandate = session.getUseMandate();
+	    		
+	    		if (useMandate) { // Mandate modus
+	    			
+	    			// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+	    			
+	    			// read certificate and set dataurl to 
+	    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+	    			
+	    
+	     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+	     		   // build dataurl (to the GetForeignIDSerlvet)
+	     		   String dataurl =
+	                 new DataURLBuilder().buildDataURL(
+	                   session.getAuthURL(),
+	                   REQ_VERIFY_CERTIFICATE,
+	                   session.getSessionID());
+	           
+	     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+	     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	     		   
+	     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+	     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+	    			
+	    		}	
+	    		else {
+	    			Logger.info("Normal");
+	    			
+	    			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+	    			
+	    			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+	    					.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+	    			AuthConfigurationProvider authConf = AuthConfigurationProvider
+	    					.getInstance();
+	    			
+	    			createXMLSignatureRequestOrRedirect =  AuthenticationServer.getInstance()
+	    					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+	    					authConf, oaParam);
+	    			
+	    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
+	    		}
+	    	}
+	    	
+			try {
+				AuthenticationSessionStoreage.storeSession(session);
+				
+			} catch (MOADatabaseException e) {
+				Logger.info("No valid MOA session found. Authentification process is abourted.");
+				throw new AuthenticationException("auth.20", null);
+			}
+	    }
+	    catch (ParseException ex) {
+	    	handleError(null, ex, req, resp, pendingRequestID);
+	    	
+	    } catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp, pendingRequestID);
+	      
+	    } catch (Exception e) {
+	    	Logger.error("IdentityLinkValidation has an interal Error.", e);
+	    }
+	        
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+	  }
+	
+	
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a4d63b144..0c481d94e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,17 +59,16 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -94,25 +93,28 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
 
-public class AuthenticationManager extends AuthServlet {
+import com.datentechnik.process_engine.ProcessEngine;
+import com.datentechnik.process_engine.ProcessExecutionException;
+import com.datentechnik.process_engine.ProcessInstance;
 
-	private static AuthenticationManager instance = null;
-	
-	private static final long serialVersionUID = 1L;
+public class AuthenticationManager implements MOAIDAuthConstants {
+
+	private static final AuthenticationManager INSTANCE = new AuthenticationManager();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
+	@Autowired
+	private ProcessEngine processEngine;
+	
+	private AuthenticationManager() {
+	}
+	
 	public static AuthenticationManager getInstance() {
-		if (instance == null) {
-			instance = new AuthenticationManager();
-		}
-		
-		return instance;
+		return INSTANCE;
 	}
 	
 	/**
@@ -508,7 +510,10 @@ public class AuthenticationManager extends AuthServlet {
 			throws ServletException, IOException, MOAIDException {
 		Logger.debug("Starting authentication on this IDP ...");
 
-		setNoCachingHeadersInHttpRespone(request, response);
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
 		List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
 
@@ -529,79 +534,87 @@ public class AuthenticationManager extends AuthServlet {
 			throw new MOAIDException("init.04", new Object[] {});
 		}
 		
-		
-		if (legacyallowed && legacyparamavail) {
-			
-			//parse request parameter into MOASession			
-			StartAuthentificationParameterParser.parse(request, response, moasession, target);
-							
-		    Logger.info("Start Authentication Module: " + moasession.getModul() 
-		    		+ " Action: " + moasession.getAction());
-					    
-		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
-			
-		    String getIdentityLinkForm = startauth.build(moasession, request, response);
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
-			}
-		    
-		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-		    	response.setContentType("text/html;charset=UTF-8");
-		    	PrintWriter out = new PrintWriter(response.getOutputStream());
-		    	out.print(getIdentityLinkForm);
-		    	out.flush();
-		    	Logger.debug("Finished GET StartAuthentication");
-		    }
-			
-		} else {
-			//load Parameters from OnlineApplicationConfiguration
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-					.getOnlineApplicationParameter(target.getOAURL());
+		try {
 			
-			if (oaParam == null) {
-				throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
-			}
+			if (legacyallowed && legacyparamavail) {
+				
+				//parse request parameter into MOASession			
+				StartAuthentificationParameterParser.parse(request, response, moasession, target);
+								
+			    Logger.info("Start Authentication Module: " + moasession.getModul() 
+			    		+ " Action: " + moasession.getAction());
+	
+			    
+				// create process instance
+			    // TODO[MOAID-49]: Automatically selection of process
+		    	ProcessInstance pi = processEngine.createProcessInstance("DefaultAuthentication");
+		    	// keep process instance id in moa session
+		    	moasession.setProcessInstanceId(pi.getId());
+	
+				// make sure moa session has been persisted before running the process
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession);
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				// set execution context
+				pi.getExecutionContext().put("ccc", moasession.getCcc());
+				pi.getExecutionContext().put("useMandate", moasession.getUseMandate());
+				pi.getExecutionContext().put("bkuURL", moasession.getBkuURL());
+				pi.getExecutionContext().put(PARAM_SESSIONID, moasession.getSessionID());
+		    	
+		    	// start process
+		    	processEngine.start(pi);
+			    
+			} else {
+				//load Parameters from OnlineApplicationConfiguration
+				OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+						.getOnlineApplicationParameter(target.getOAURL());
+				
+				if (oaParam == null) {
+					throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+				}
+								
+				else {
+					
+					//check if an MOASession exists and if not create an new MOASession
+					//moasession = getORCreateMOASession(request);
+	
+					//set OnlineApplication configuration in Session
+					moasession.setOAURLRequested(target.getOAURL());
+					moasession.setAction(target.requestedAction());
+					moasession.setModul(target.requestedModule());
+				}
 							
-			else {
+				//Build authentication form
 				
-				//check if an MOASession exists and if not create an new MOASession
-				//moasession = getORCreateMOASession(request);
-
-				//set OnlineApplication configuration in Session
-				moasession.setOAURLRequested(target.getOAURL());
-				moasession.setAction(target.requestedAction());
-				moasession.setModul(target.requestedModule());
-			}
-						
-			//Build authentication form
-			
-			
-			String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-					target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
+				
+				String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+				String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
+						target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
+				
+				//store MOASession
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				//set MOAIDSession
+				//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+				
+				response.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(response.getOutputStream()); 
+				out.print(loginForm);
+				out.flush(); 
 			}
-			
-			//set MOAIDSession
-			//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
-			
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(loginForm);
-			out.flush(); 
+		} catch (ProcessExecutionException e) {
+			throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
 		}
 	}
 }
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index a2b25e24e..dd27d8a01 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -7,9 +7,15 @@
 -->
 
 	<pd:StartEvent id="start" />
-
-	<pd:Transition from="start" to="end" />
-
+	
+	<pd:Transition from="start" to="createIdentityLinkForm" />
+	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+	<pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask" async="true" />
+	<pd:Transition from="verifyIdentityLink" to="verifyAuthBlock" />
+	<pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
+	<pd:Transition from="verifyAuthBlock" to="end" />
+	
 	<pd:EndEvent id="end" />
 
 </pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 8fda4566c..232f53559 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -266,4 +266,6 @@ oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{
 
 slo.00=Sie konnten erfolgreich von allen Online-Applikation abgemeldet werden.
 slo.01=Sie konnten NICHT erfolgreich von allen Online-Applikationen abgemeldet werden\!<BR>Bitte schlie\u00DFen Sie aus sicherheitsgr\u00FCnden Ihren Browser.
-slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
\ No newline at end of file
+slo.02=Es wurde keine aktive SSO Session gefunden oder Sie sind bei keiner Online-Applikation angemeldet.
+
+process.01=Fehler beim Ausf\u00FChren des Prozesses.
diff --git a/id/server/stork2-commons/.gitignore b/id/server/stork2-commons/.gitignore
index ea8c4bf7f..a9036d427 100644
--- a/id/server/stork2-commons/.gitignore
+++ b/id/server/stork2-commons/.gitignore
@@ -1 +1,2 @@
 /target
+/stork-commons.log*
-- 
cgit v1.2.3


From ad40ae9233c5f2a32c983962d655e686af546677 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 22 Jan 2015 12:13:07 +0100
Subject: Add mandate process support (MOAID-60).

- Refactor moa-id auth web.xml
-- Group the servlets with their corresponding mappings.
-- Replace servlets for mappings "/GetMISSessionID", "/VerifyAuthBlock", "/VerifyCertificate" and "/VerifyIdentityLink".
-- Remove disabled declarations.
- Replace link http://jigsaw.w3.org/css-validator/images/vcss-blue with https://... within the internal templates (loginFormFull.html, sendAssertionFormFull.html, ...).
- Set classes deprecated: GetMISSessionIDServlet, VerifyCertificateServlet
- ProcessEngineSignalServlet: make GET delegate to PUT
- Replace some "implements MOAIDAuthConstants" with "import static MOAIDAuthConstants.*".
- Add detailed Javadoc to *Task.java.
- Update DefaultAuthentication.process.xml for mandate
- Add GetMISSessionIDTask and VerifyCertificateTask.
- Add adapter class for iaik.IAIKRuntimeException in order to satisfy some library's bogus dependendies.
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml     | 272 +++++-------------
 .../htmlTemplates/loginFormFull.html               |   2 +-
 .../htmlTemplates/sendAssertionFormFull.html       |   2 +-
 .../conf/moa-id/htmlTemplates/loginFormFull.html   |   2 +-
 .../htmlTemplates/sendAssertionFormFull.html       |   2 +-
 .../conf/moa-id/htmlTemplates/slo_template.html    |   2 +-
 id/server/doc/htmlTemplates/BKU-selection.html     |   2 +-
 id/server/doc/htmlTemplates/sendAssertion.html     |   2 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    |   7 +-
 .../auth/servlet/ProcessEngineSignalServlet.java   |  39 ++-
 .../id/auth/servlet/VerifyCertificateServlet.java  |   9 +-
 .../moa/id/auth/tasks/AbstractAuthServletTask.java |  68 ++---
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  |  36 +++
 .../moa/id/auth/tasks/GetMISSessionIDTask.java     | 182 ++++++++++++
 .../auth/tasks/VerifyAuthenticationBlockTask.java  |  56 ++--
 .../moa/id/auth/tasks/VerifyCertificateTask.java   | 166 +++++++++++
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  | 319 +++++++++++----------
 .../protocols/pvp2x/exceptions/loginFormFull.html  |   2 +-
 .../src/main/java/iaik/IAIKRuntimeException.java   |  18 ++
 .../processes/DefaultAuthentication.process.xml    |  23 +-
 .../resources/templates/loginFormFull.html         |   2 +-
 .../resources/templates/sendAssertionFormFull.html |   2 +-
 .../resources/templates/slo_template.html          |   2 +-
 23 files changed, 769 insertions(+), 448 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
 create mode 100644 id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 477cce57b..1dd3b7a40 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -36,41 +36,67 @@
 		<filter-name>requestContextFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
+	
+	<filter>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>UrlRewriteFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
-
-<!-- 	<servlet>
-		<servlet-name>SelectBKU</servlet-name>
-		<display-name>SelectBKU</display-name>
-		<description>Select Bürgerkartenartenumgebung</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
-	</servlet> -->
 	<servlet>
 		<description>Generate BKU Request template</description>
 		<display-name>GenerateIframeTemplate</display-name>
 		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
+		<url-pattern>/GenerateIframeTemplate</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>RedirectServlet</display-name>
 		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>RedirectServlet</servlet-name>
+		<url-pattern>/RedirectServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>MonitoringServlet</display-name>
 		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>MonitoringServlet</servlet-name>
+		<url-pattern>/MonitoringServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>SSOSendAssertionServlet</display-name>
 		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
-	</servlet>	
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
+		<url-pattern>/SSOSendAssertionServlet</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<description>SSO LogOut</description>
 		<display-name>LogOut</display-name>
 		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>LogOut</servlet-name>
+		<url-pattern>/LogOut</url-pattern>
+	</servlet-mapping>
 	
 	<servlet>
 		<description>IDP Single LogOut Service</description>
@@ -78,25 +104,10 @@
 		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
-	
-	<servlet>
-		<description>Verify identity link coming from security layer</description>
-		<display-name>VerifyIdentityLink</display-name>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Verify the certificate coming from security layer</description>
-		<display-name>VerifyCertificate</display-name>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
-	</servlet>
-	<servlet>
-		<description>Get the MIS session ID coming from security layer</description>
-		<display-name>GetMISSessionID</display-name>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>IDPSLO</servlet-name>
+		<url-pattern>/idpSingleLogout</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
 		<description>Gets the foreign eID from security layer</description>
@@ -104,223 +115,84 @@
 		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ProcessInput</servlet-name>
-		<display-name>ProcessInput</display-name>
-		<description>Process user input needed by infobox validators</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
-	</servlet> -->
-	<servlet>
-		<description>Verify AUTH block coming from security layer</description>
-		<display-name>VerifyAuthBlock</display-name>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
-	</servlet>
-<!-- 	<servlet>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<display-name>ConfigurationUpdate</display-name>
-		<description>Update MOA-ID Auth configuration from the configuration
-			file</description>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
-	</servlet> -->
+	<servlet-mapping>
+		<servlet-name>GetForeignID</servlet-name>
+		<url-pattern>/GetForeignID</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Apache-Axis Servlet</display-name>
 		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>AxisServlet</servlet-name>
+		<url-pattern>/services/*</url-pattern>
+	</servlet-mapping>
 
- 	<!-- JSP servlet -->
-<!--	<servlet>
-		<servlet-name>jspservlet</servlet-name>
-		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
-	</servlet> -->
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorServlet</display-name>
 		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
+		<url-pattern>/PEPSConnector</url-pattern>
+	</servlet-mapping>
+
 	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from
-			different C-PEPS</description>
+		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
 		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<servlet-class>
-			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
+		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
-
-	<!-- Dispatcher servlets 
-	<servlet>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<display-name>AuthDispatcher Servlet</display-name>
-		<servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class>
-		<load-on-startup>1</load-on-startup>
-	</servlet>-->
+	<servlet-mapping>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
+		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
+	</servlet-mapping>
+	
 	<servlet>
 		<display-name>Dispatcher Servlet</display-name>
 		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
-
-	<!-- Servlet Registration -->
-	<servlet>
-		<servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class>
-	</servlet>
+	<servlet-mapping>
+		<servlet-name>DispatcherServlet</servlet-name>
+		<url-pattern>/dispatcher</url-pattern>
+	</servlet-mapping>
 
 	<servlet>
-		<description>Resumes a suspended process engine task.</description>
+		<description>Resumes a suspended process task.</description>
 		<display-name>ProcessEngineSignal</display-name>
 		<servlet-name>ProcessEngineSignal</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
 	</servlet>
-
-
-
-	<servlet-mapping>
-		<servlet-name>DispatcherServlet</servlet-name>
-		<url-pattern>/dispatcher</url-pattern>
-	</servlet-mapping>
-	<!-- servlet-mapping>
-		<servlet-name>AuthDispatcherServlet</servlet-name>
-		<url-pattern>/AuthDispatcher</url-pattern>
-	</servlet-mapping -->
-
-
-	<!-- servlet mapping for jsp pages -->
-	<!-- errorpage.jsp (customizeable) -->
-<!-- 	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/errorpage-auth.jsp</url-pattern>
-	</servlet-mapping>
-	message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate)
-	<servlet-mapping>
-		<servlet-name>jspservlet</servlet-name>
-		<url-pattern>/message-auth.jsp</url-pattern>
-	</servlet-mapping> -->
-
-<!-- 	<servlet-mapping>
-		<servlet-name>SelectBKU</servlet-name>
-		<url-pattern>/SelectBKU</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<url-pattern>/GenerateIframeTemplate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>RedirectServlet</servlet-name>
-		<url-pattern>/RedirectServlet</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>MonitoringServlet</servlet-name>
-		<url-pattern>/MonitoringServlet</url-pattern>
-	</servlet-mapping>
 	<servlet-mapping>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
-		<url-pattern>/SSOSendAssertionServlet</url-pattern>
-	</servlet-mapping>	
- 	<servlet-mapping>
-		<servlet-name>LogOut</servlet-name>
-		<url-pattern>/LogOut</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>IDPSLO</servlet-name>
-		<url-pattern>/idpSingleLogout</url-pattern>
-	</servlet-mapping>	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		-->
 		<servlet-name>ProcessEngineSignal</servlet-name>
-		<url-pattern>/VerifyIdentityLink</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<url-pattern>/VerifyCertificate</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetMISSessionID</servlet-name>
 		<url-pattern>/GetMISSessionID</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>GetForeignID</servlet-name>
-		<url-pattern>/GetForeignID</url-pattern>
-	</servlet-mapping>
-
-<!-- 	<servlet-mapping>
-		<servlet-name>ProcessInput</servlet-name>
-		<url-pattern>/ProcessInput</url-pattern>
-	</servlet-mapping> -->
-	
-	<servlet-mapping>
-		<!--
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		-->
-		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
+		<url-pattern>/VerifyCertificate</url-pattern>
+		<url-pattern>/VerifyIdentityLink</url-pattern>
 	</servlet-mapping>
-<!-- 	<servlet-mapping>
-		<servlet-name>ConfigurationUpdate</servlet-name>
-		<url-pattern>/ConfigurationUpdate</url-pattern>
-	</servlet-mapping> -->
-	<servlet-mapping>
-		<servlet-name>AxisServlet</servlet-name>
-		<url-pattern>/services/*</url-pattern>
-	</servlet-mapping>
-	<servlet-mapping>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<url-pattern>/PEPSConnector</url-pattern>
-	</servlet-mapping>
-<servlet-mapping>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
-	</servlet-mapping>
-	<!-- Filters -->
-	<!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> 
-		</filter> -->
-
-	<filter>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
-	</filter>
-
-	<filter-mapping>
-		<filter-name>UrlRewriteFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
-	<!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> 
-		<url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> 
-		<dispatcher>FORWARD</dispatcher> </filter-mapping> -->
 
 	<session-config>
 		<session-timeout>5</session-timeout>
 	</session-config>
+	
 	<error-page>
 		<error-code>500</error-code>
 		<location>/errorpage.jsp</location>
 	</error-page>
-<!-- 	<security-constraint>
-		<web-resource-collection>
-			<web-resource-name>ConfigurationUpdate</web-resource-name>
-			<url-pattern>/ConfigurationUpdate</url-pattern>
-		</web-resource-collection>
-		<auth-constraint>
-			<role-name>moa-admin</role-name>
-		</auth-constraint>
-	</security-constraint> -->
+	
 	<login-config>
 		<auth-method>BASIC</auth-method>
 		<realm-name>UserDatabase</realm-name>
 	</login-config>
 	<security-role>
-		<description>
-			The role that is required to log in to the moa Application
-		</description>
+		<description>The role that is required to log in to the moa Application</description>
 		<role-name>moa-admin</role-name>
 	</security-role>
+
 </web-app>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
index ef070b8eb..d0af6401b 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
index b80d654cc..1a3e683de 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index f19cc5320..5b534fca3 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
index b80d654cc..1a3e683de 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index 6cefe4054..9a621998c 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -450,7 +450,7 @@
 				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/doc/htmlTemplates/BKU-selection.html b/id/server/doc/htmlTemplates/BKU-selection.html
index ef070b8eb..d0af6401b 100644
--- a/id/server/doc/htmlTemplates/BKU-selection.html
+++ b/id/server/doc/htmlTemplates/BKU-selection.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/doc/htmlTemplates/sendAssertion.html b/id/server/doc/htmlTemplates/sendAssertion.html
index b80d654cc..1a3e683de 100644
--- a/id/server/doc/htmlTemplates/sendAssertion.html
+++ b/id/server/doc/htmlTemplates/sendAssertion.html
@@ -608,7 +608,7 @@
         </a>
         <a href="http://jigsaw.w3.org/css-validator/">
           <img   style="border:0;width:88px;height:31px"
-                 src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+                 src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
                  alt="CSS ist valide!" />
         </a>
     </div>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 20c32a3ec..dd5253e77 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -67,6 +67,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -83,7 +84,7 @@ import at.gv.egovernment.moa.util.DOMUtils;
 /**
  * Servlet requested for getting the foreign eID provided by the security layer
  * implementation. Utilizes the {@link AuthenticationServer}.
- * 
+ * @deprecated Use {@link GetMISSessionIDTask} instead.
  */
 public class GetMISSessionIDServlet extends AuthServlet {
 
@@ -136,6 +137,10 @@ public class GetMISSessionIDServlet extends AuthServlet {
 
 		Logger.debug("POST GetMISSessionIDServlet");
 
+		  if (System.currentTimeMillis() > 0) {
+			  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+		  }		
+		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
 				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index 1ea8631c6..849ccf5db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -17,19 +17,46 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 
 import com.datentechnik.process_engine.ProcessInstance;
 
+/**
+ * Servlet that resumes a suspended process (in case of asynchronous tasks).
+ * 
+ * @author tknall
+ * 
+ */
 public class ProcessEngineSignalServlet extends AuthServlet {
 
 	private static final long serialVersionUID = 1L;
 
+	/**
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
+	 * 
+	 * @param resp
+	 *            The HttpServletResponse.
+	 */
+	private void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+	}
+
+	/**
+	 * Processes a GET request, delegating the call to {@link #doPost(HttpServletRequest, HttpServletResponse)}.
+	 */
+	@Override
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+		this.doPost(req, resp);
+	}
+
+	/**
+	 * Resumes the current process instance that has been suspended due to an asynchronous task. The process instance is
+	 * retrieved from the MOA session referred to by the request parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}.
+	 */
 	@Override
 	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
 
-		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+		setNoCachingHeaders(resp);
 		try {
 
 			// check parameter
@@ -44,7 +71,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 			if (session.getProcessInstanceId() == null) {
 				throw new IllegalStateException("MOA session does not provide process instance id.");
 			}
-			
+
 			// wake up next task
 			ProcessInstance pi = getProcessEngine().getProcessInstance(session.getProcessInstanceId());
 			getProcessEngine().signal(pi);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index a3397f561..36e219a97 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -77,6 +78,7 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
  * Servlet requested for getting the foreign eID
  * provided by the security layer implementation.
  * Utilizes the {@link AuthenticationServer}.
+ * @deprecated Use {@link VerifyCertificateTask} instead.
  *
  */
 public class VerifyCertificateServlet extends AuthServlet {
@@ -124,6 +126,9 @@ public class VerifyCertificateServlet extends AuthServlet {
   protected void doPost(HttpServletRequest req, HttpServletResponse resp)
     throws ServletException, IOException {
 
+	  if (System.currentTimeMillis() > 0) {
+		  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+	  }
 		Logger.debug("POST VerifyCertificateServlet");
 		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
@@ -180,7 +185,8 @@ public class VerifyCertificateServlet extends AuthServlet {
 					throw new MOAIDException("session store error", null);
 				}
 	    		
-	    		ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+	    		
 	    	}
 	    	else {
 	    			
@@ -210,7 +216,6 @@ public class VerifyCertificateServlet extends AuthServlet {
 		    	
 		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
-		    	
 		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 	    	}	    		    	 
 	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
index d43e8cf68..d5b869777 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -9,7 +11,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Set;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -25,10 +26,10 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload;
 import org.apache.commons.lang3.ArrayUtils;
 
 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
 import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
@@ -36,11 +37,17 @@ import at.gv.egovernment.moa.id.storage.IExceptionStore;
 import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLDecoder;
 
 import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
 
-public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask implements MOAIDAuthConstants {
+/**
+ * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
+ * etc.).</p> The code has been taken from {@link AuthServlet}.
+ * 
+ * @author tknall
+ * 
+ */
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
 
 	protected static final String ERROR_CODE_PARAM = "errorid";
 
@@ -75,14 +82,10 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 				.getRequestDispatcher("/errorpage-auth.jsp");
 		try {
 
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
 
 			dispatcher.forward(req, resp);
 		} catch (ServletException e) {
@@ -179,15 +182,7 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 		RequestDispatcher dispatcher = context
 				.getRequestDispatcher("/errorpage-auth.jsp");
 		try {
-			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+			setNoCachingHeaders(resp);
 			dispatcher.forward(req, resp);
 		} catch (ServletException e) {
 			Logger.error(e);
@@ -324,32 +319,17 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 		return bout.toString();
 	}
 
-
-	
-//	public void contextDestroyed(ServletContextEvent arg0) {
-//		Security.removeProvider((new IAIK()).getName());
-//		Security.removeProvider((new ECCProvider()).getName());
-//	}
-	
 	/**
-	 * Set response headers to avoid caching
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
 	 * 
-	 * @param request
-	 *            HttpServletRequest
-	 * @param response
-	 *            HttpServletResponse
+	 * @param resp
+	 *            The HttpServletResponse.
 	 */
-	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
-			HttpServletResponse response) {
-		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
+	private void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
index 4c87bb689..70afd477d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.PrintWriter;
 
 import javax.servlet.http.HttpServletRequest;
@@ -8,6 +10,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.ObjectUtils;
 
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -22,6 +25,39 @@ import at.gv.egovernment.moa.util.StringUtils;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
+/**
+ * Creates a http form including an embedded {@code InfoBoxReadRequest} for reading the identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Removes ExecutionContext property {@link MOAIDAuthConstants#PARAM_SESSIONID}.</li>
+ * <li>Creates the http form mentioned above.</li>
+ * <li>Returns the http form via HttpServletResponse.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID} <strong>or</strong></li>
+ * <li>ExecutionContext property {@link MOAIDAuthConstants#PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>The identity link form via HttpServletResponse.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of STORK authentication
+ * <ul>
+ * <li>Creates STORK auth SAML request.</li>
+ * <li>Creates and returns a form for submitting the SAML request to the CPEPS (post binding).</li>
+ * <li>Returns the form via HttpServletResponse.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
new file mode 100644
index 000000000..40e33ae43
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.pki.PKIException;
+
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Retrieves a mandate from the online mandate issuing service.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the mandate referenced within the moa session from the online (external) mandate issuing service.</li>
+ * <li>Verifies the mandate.</li>
+ * <li>Puts mandate into moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Mandate put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class GetMISSessionIDTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		
+		Logger.debug("POST GetMISSessionIDServlet");
+
+		String sessionID = req.getParameter(PARAM_SESSIONID);
+
+		// escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+		AuthenticationSession session = null;
+		String pendingRequestID = null;
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID))
+				throw new WrongParametersException("VerifyCertificate",
+						PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			
+			session = AuthenticationServer.getSession(sessionID);
+
+			//change MOASessionID
+		    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			String misSessionID = session.getMISSessionID();
+
+			AuthConfigurationProvider authConf = AuthConfigurationProvider
+					.getInstance();
+			ConnectionParameter connectionParameters = authConf
+					.getOnlineMandatesConnectionParameter();
+			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+					AuthConfigurationProvider.getInstance(),
+					connectionParameters);
+
+			List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
+					connectionParameters.getUrl(), misSessionID, sslFactory);
+
+			if (list == null || list.size() == 0) {
+				Logger.error("Keine Vollmacht gefunden.");
+				throw new AuthenticationException("auth.15", null);
+			}
+
+			// for now: list contains only one element
+			MISMandate mandate = (MISMandate) list.get(0);
+
+			// TODO[tlenz]: UTF-8 ?
+			String sMandate = new String(mandate.getMandate());
+			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
+				Logger.error("Mandate is empty.");
+				throw new AuthenticationException("auth.15",
+						new Object[] { GET_MIS_SESSIONID });
+			}
+						
+			//check if it is a parsable XML
+			byte[] byteMandate = mandate.getMandate();
+			// TODO[tlenz]: UTF-8 ?
+			String stringMandate = new String(byteMandate);
+			DOMUtils.parseDocument(stringMandate, false,
+					null, null).getDocumentElement();
+			
+			// extract RepresentationType
+			AuthenticationServer.getInstance().verifyMandate(session, mandate);
+			
+			session.setMISMandate(mandate);
+			session.setAuthenticatedUsed(false);
+			session.setAuthenticated(true);
+			
+	    	//set QAA Level four in case of card authentifcation
+	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+			
+			String oldsessionID = session.getSessionID();
+			
+			//Session is implicite stored in changeSessionID!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+			Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+						
+			String redirectURL = new DataURLBuilder().buildDataURL(
+					session.getAuthURL(),
+					ModulUtils.buildAuthURL(session.getModul(),
+							session.getAction(), pendingRequestID), newMOASessionID);
+			redirectURL = resp.encodeRedirectURL(redirectURL);
+			
+			// TODO[branch]: Final step back to /dispatcher
+			
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+			resp.addHeader("Location", redirectURL);
+			Logger.debug("REDIRECT TO: " + redirectURL);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (GeneralSecurityException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (PKIException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (SAXException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (ParserConfigurationException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+	    } catch (Exception e) {
+	    	Logger.error("MISMandateValidation has an interal Error.", e);
+	       
+	    }
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
index ff1bc8cd1..24fea05c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
@@ -38,30 +38,44 @@ import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.DOMUtils;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
 
+/**
+ * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Authentication data put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of mandate mode
+ * <ul>
+ * <li>Creates a mandate session at the external mandate issuing service.</li>
+ * <li>Redirects the user's browser to the online mandate issuing service GUI.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 
-	  /**
-	   * Verifies the signed authentication block and redirects the browser
-	   * to the online application requested, adding a parameter needed for
-	   * retrieving the authentication data.
-	   * <br>
-	   * Request parameters:
-	   * <ul>
-	   * <li>MOASessionID: ID of associated authentication session</li>
-	   * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
-	   * </ul>
-	   * Response:
-	   * <ul>
-	   * <li>Status: <code>302</code></li>
-	   * <li>Header <code>"Location"</code>: URL of the online application requested, with
-	   * 						parameters <code>"Target"</code>(only if the online application is
-	   *            a public service) and <code>"SAMLArtifact"</code> added</li>
-	   * <li>Error status: <code>500</code>
-	   * </ul>
-	   * @see AuthenticationServer#verifyAuthenticationBlock
-	   * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
-	   */
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws Exception {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
new file mode 100644
index 000000000..979e64888
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
@@ -0,0 +1,166 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the certificate.</li>
+ * <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
+ * <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Responds with {@code CreateXMLSignatureRequest}.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>{@code CreateXMLSignatureRequest} send as HttpServletResponse (for CCE).</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class VerifyCertificateTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
+
+		Logger.debug("POST VerifyCertificateServlet");
+		
+		String pendingRequestID = null;
+		
+		Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	        //change MOASessionID
+	        sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+	    	
+    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+    		if (cert == null) {
+    			Logger.error("Certificate could not be read.");
+    			throw new AuthenticationException("auth.14", null);    		
+    		}
+    		
+	    	boolean useMandate = session.getUseMandate();
+	    	
+	    	
+	    	if (useMandate) {
+
+	    		// verify certificate for OrganWalter
+	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+	    		
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+	    		
+		    	// TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+	    		
+	    	}
+	    	else {
+	    			
+		    	
+	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
+	    		if (countrycode != null) {
+	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
+	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+	    				throw new AuthenticationException("auth.22", null);
+	    			}
+	    		}
+	    		
+	    		// Foreign Identities Modus	
+		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
+		      // build dataurl (to the GetForeignIDSerlvet)
+		    	String dataurl =
+	             new DataURLBuilder().buildDataURL(
+	               session.getAuthURL(),
+	               REQ_GET_FOREIGN_ID,
+	               session.getSessionID());
+	       
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+		    	
+	    		// TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	
+		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
+	    	}	    		    	 
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp, pendingRequestID);
+	      
+	    } catch (Exception e) {
+	    	Logger.error("CertificateValidation has an interal Error.", e);
+	    }
+	       
+	    
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
index ec12643ec..c24e42b3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -1,5 +1,7 @@
 package at.gv.egovernment.moa.id.auth.tasks;
 
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
 import java.io.IOException;
 import java.util.Map;
 
@@ -28,176 +30,179 @@ import at.gv.egovernment.moa.logging.Logger;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
+/**
+ * Verifies the identity link and prepares auth block signature if identity link provided, or triggers reading the subject's certificate if not provided.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Parses the identity link retrieves as {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the identity link.</li>
+ * <li>Creates the auth block to be signed.</li>
+ * <li>Updates moa session.</li>
+ * <li>Creates and returns a {@code CreateXMLSignatureRequest} via HttpServletResponse.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Identity link put into moa session.</li>
+ * <li>Returns {@code CreateXMLSignatureRequest} via HttpServletResponse (for CCE).</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of foreign citizen or in case of mandate
+ * <ul>
+ * <li>Create {@code InfoBoxReadRequest} for reading the subjects certificate.</li>
+ * <li>Set DataURL {@code /VerifyCertificate}.</li>
+ * <li>Respond with {@code InfoBoxReadRequest}.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
 public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
-	/**
-	 * Verifies the identity link and responds with a new 
-	 * <code>CreateXMLSignatureRequest</code> or a new <code>
-	 * InfoboxReadRequest</code> (in case of a foreign eID card).
-	 * <br>
-	 * Request parameters:
-	 * <ul>
-	 * <li>MOASessionID: ID of associated authentication session</li>
-	 * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
-	 * </ul>
-	 * Response:
-	 * <ul>
-	 * <li>Content type: <code>"text/xml"</code></li>
-	 * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
-	 * <li>Error status: <code>500</code>
-	 * </ul>
-	 * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
-	 */
 	@Override
 	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
 			throws Exception {
-		
+
 		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
 
-			Logger.debug("POST VerifyIdentityLink");
-			  
-	    Map<String, String> parameters;
-	    String pendingRequestID = null;
-	    
-	    try 
-	    {
-	      parameters = getParameters(req);
-	      
-	    } catch (Exception e) 
-	    {
-	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	    }
-	    String sessionID = req.getParameter(PARAM_SESSIONID);
-	           
-	    // escape parameter strings
+		Logger.debug("POST VerifyIdentityLink");
+
+		Map<String, String> parameters;
+		String pendingRequestID = null;
+
+		try {
+			parameters = getParameters(req);
+		} catch (Exception e) {
+			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+			throw new IOException(e.getMessage());
+		}
+		String sessionID = req.getParameter(PARAM_SESSIONID);
+
+		// escape parameter strings
 		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-	    
+
 		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-		
-	    resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-		
-	    try {
-	    // check parameter
-	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
-	          throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
-	       
-	       
-	       AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-	       
-	       //change MOASessionID
-	       sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-	    	  
-	    	String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters);
-
-	    	Logger.debug(createXMLSignatureRequestOrRedirect);
-	    	
-	    	    	
-	    	if (createXMLSignatureRequestOrRedirect == null) {
-	    	   // no identity link found
-
-	    		boolean useMandate = session.getUseMandate();
-	    		if (useMandate) {
-	    			Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
-	    			throw new AuthenticationException("auth.13", null);
-	    		}
-	    		// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-	    		
-	    		try {
-	    		
-	    		   Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-	    		   
-	    		   // create the InfoboxReadRequest to get the certificate
-	    		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-	    		   // build dataurl (to the VerifyCertificateSerlvet)
-	          String dataurl =
-	                new DataURLBuilder().buildDataURL(
-	                  session.getAuthURL(),
-	                  REQ_VERIFY_CERTIFICATE,
-	                  session.getSessionID());
-	          
-	          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	          
-	    	    	
-	    	    }
-	    	    catch(Exception e) {
-	    	    	handleError(null, e, req, resp, pendingRequestID);
-	    	    }
-	    	    
-	    	}
-	    	else {
-	    		boolean useMandate = session.getUseMandate();
-	    		
-	    		if (useMandate) { // Mandate modus
-	    			
-	    			// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-	    			
-	    			// read certificate and set dataurl to 
-	    			Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
-	    			
-	    
-	     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-	     		   // build dataurl (to the GetForeignIDSerlvet)
-	     		   String dataurl =
-	                 new DataURLBuilder().buildDataURL(
-	                   session.getAuthURL(),
-	                   REQ_VERIFY_CERTIFICATE,
-	                   session.getSessionID());
-	           
-	     		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
-	     		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	     		   
-	     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-	     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-	    			
-	    		}	
-	    		else {
-	    			Logger.info("Normal");
-	    			
-	    			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
-	    			
-	    			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-	    					.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-	    			AuthConfigurationProvider authConf = AuthConfigurationProvider
-	    					.getInstance();
-	    			
-	    			createXMLSignatureRequestOrRedirect =  AuthenticationServer.getInstance()
-	    					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
-	    					authConf, oaParam);
-	    			
-	    			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink");
-	    		}
-	    	}
-	    	
+
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID))
+				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+			String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session,
+					parameters);
+
+			Logger.debug(createXMLSignatureRequestOrRedirect);
+
+			if (createXMLSignatureRequestOrRedirect == null) {
+				// no identity link found
+
+				boolean useMandate = session.getUseMandate();
+				if (useMandate) {
+					Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+					throw new AuthenticationException("auth.13", null);
+				}
+				// TODO[branch]: Foreign citizen; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+
+				try {
+
+					Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+					// create the InfoboxReadRequest to get the certificate
+					String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+					// build dataurl (to the VerifyCertificateSerlvet)
+					String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+							session.getSessionID());
+
+					ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
+							AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+				} catch (Exception e) {
+					handleError(null, e, req, resp, pendingRequestID);
+				}
+
+			} else {
+				boolean useMandate = session.getUseMandate();
+
+				if (useMandate) { // Mandate modus
+
+					// TODO[branch]: Mandate; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+
+					// read certificate and set dataurl to
+					Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+					String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+					// build dataurl (to the GetForeignIDSerlvet)
+					String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+							session.getSessionID());
+
+					// Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");
+					// ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest,
+					// AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+					Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
+					ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
+							AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+
+				} else {
+					Logger.info("Normal");
+
+					// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL
+					// "/VerifyAuthBlock"
+
+					OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+							session.getPublicOAURLPrefix());
+					AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+					createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance()
+							.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+
+					ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+							createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+							"VerifyIdentityLink");
+				}
+			}
+
 			try {
 				AuthenticationSessionStoreage.storeSession(session);
-				
+
 			} catch (MOADatabaseException e) {
 				Logger.info("No valid MOA session found. Authentification process is abourted.");
 				throw new AuthenticationException("auth.20", null);
 			}
-	    }
-	    catch (ParseException ex) {
-	    	handleError(null, ex, req, resp, pendingRequestID);
-	    	
-	    } catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp, pendingRequestID);
-	      
-	    } catch (Exception e) {
-	    	Logger.error("IdentityLinkValidation has an interal Error.", e);
-	    }
-	        
-	    finally {
-	    	ConfigurationDBUtils.closeSession();
-	    }
-	  }
-	
-	
-	
+		} catch (ParseException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("IdentityLinkValidation has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
index 3eff06daf..5ae76ed96 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/loginFormFull.html
@@ -842,7 +842,7 @@ input {
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java b/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java
new file mode 100644
index 000000000..968d3491d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/iaik/IAIKRuntimeException.java
@@ -0,0 +1,18 @@
+package iaik;
+
+/**
+ * Adapter class providing {@code iaik.RuntimeException} for libraries that have not been updated in order to consider
+ * the fact that the class {@code IAIKRuntimeException} has been moved.
+ * 
+ * @author tknall
+ * 
+ */
+public class IAIKRuntimeException extends iaik.server.modules.IAIKRuntimeException {
+
+	private static final long serialVersionUID = 1L;
+
+	public IAIKRuntimeException(String reason, Throwable wrapped, String uniqueIdentifier) {
+		super(reason, wrapped, uniqueIdentifier);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index dd27d8a01..8ac58bd4b 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -5,16 +5,27 @@
 	- National authentication with Austrian Citizen Card and mobile signature.
 	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
 -->
+	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"     class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"        class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"      class="at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISSessionID"        class="at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask"           async="true" />
 
 	<pd:StartEvent id="start" />
 	
-	<pd:Transition from="start" to="createIdentityLinkForm" />
-	<pd:Task id="createIdentityLinkForm" class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
+	<pd:Transition from="start"                  to="createIdentityLinkForm" />
+	
 	<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
-	<pd:Task id="verifyIdentityLink" class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask" async="true" />
-	<pd:Transition from="verifyIdentityLink" to="verifyAuthBlock" />
-	<pd:Task id="verifyAuthBlock" class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
-	<pd:Transition from="verifyAuthBlock" to="end" />
+	
+	<pd:Transition from="verifyIdentityLink"     to="verifyCertificate" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"     to="verifyAuthBlock" />
+	
+	<pd:Transition from="verifyCertificate"      to="verifyAuthBlock" />
+	
+	<pd:Transition from="verifyAuthBlock"        to="getMISSessionID" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"        to="end" />
+	
+	<pd:Transition from="getMISSessionID"        to="end" />
 	
 	<pd:EndEvent id="end" />
 
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
index 7e2ddc491..e293d8456 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html
@@ -837,7 +837,7 @@
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
index e75bef70c..033a574b9 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html
@@ -545,7 +545,7 @@ button:hover,button:focus,button:active,.sendButton:hover,.sendButton:focus,.sen
 				src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index b241e85cf..8976b2bd6 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -436,7 +436,7 @@
 				src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
 			</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
 				style="border: 0; width: 88px; height: 31px"
-				src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
+				src="https://jigsaw.w3.org/css-validator/images/vcss-blue"
 				alt="CSS ist valide!" />
 			</a>
 		</div>
-- 
cgit v1.2.3


From 745272fe66f04fee6976e6a187e308bb7a5987a1 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 23 Jan 2015 11:22:07 +0100
Subject: Add foreign identity process support (MOAID-61).

- moa-id auth web.xml: Replace servlet mapping "/GetForeignID".
- Fix some javadoc of AuthenticationServer.
- Set GetForeignIDServlet deprecated.
- Remove redundant code across several classes.
- VerifyIdentityLinkTask: Separate identity link verification from subsequent (a) creation of CreateXMLSignatureRequest (ProcessIdentityLinkTask) and (b) creation of InfoBoxReadRequest (CertificateReadRequestTask).
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  12 +-
 .../moa/id/auth/AuthenticationServer.java          |  47 +-----
 .../moa/id/auth/servlet/GetForeignIDServlet.java   |   6 +
 .../id/auth/servlet/VerifyCertificateServlet.java  |   2 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   6 +-
 .../moa/id/auth/tasks/AbstractAuthServletTask.java |   2 +-
 .../id/auth/tasks/CertificateReadRequestTask.java  | 102 ++++++++++++
 .../moa/id/auth/tasks/GetForeignIDTask.java        | 183 +++++++++++++++++++++
 .../moa/id/auth/tasks/ProcessIdentityLinkTask.java | 103 ++++++++++++
 .../moa/id/auth/tasks/VerifyCertificateTask.java   |   3 +-
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  |  80 +--------
 .../gv/egovernment/moa/id/util/ServletUtils.java   |   3 +-
 .../processes/DefaultAuthentication.process.xml    |  15 +-
 13 files changed, 424 insertions(+), 140 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/ProcessIdentityLinkTask.java

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 1dd3b7a40..4548e05d9 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -108,17 +108,6 @@
 		<servlet-name>IDPSLO</servlet-name>
 		<url-pattern>/idpSingleLogout</url-pattern>
 	</servlet-mapping>
-
-	<servlet>
-		<description>Gets the foreign eID from security layer</description>
-		<display-name>GetForeignID</display-name>
-		<servlet-name>GetForeignID</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>GetForeignID</servlet-name>
-		<url-pattern>/GetForeignID</url-pattern>
-	</servlet-mapping>
 	
 	<servlet>
 		<display-name>Apache-Axis Servlet</display-name>
@@ -172,6 +161,7 @@
 	<servlet-mapping>
 		<servlet-name>ProcessEngineSignal</servlet-name>
 		<url-pattern>/GetMISSessionID</url-pattern>
+		<url-pattern>/GetForeignID</url-pattern>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 		<url-pattern>/VerifyCertificate</url-pattern>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index b412b9964..fb67d078e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1363,17 +1363,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	/**
 	 * Gets the foreign authentication data.<br>
 	 * <ul>
-	 * <li>Creates authentication data</li>
+	 * <li><strong>Creates authentication data</strong></li>
 	 * <li>Creates a corresponding SAML artifact</li>
 	 * <li>Stores authentication data in the authentication data store indexed
 	 * by the SAML artifact</li>
 	 * <li>Deletes authentication session</li>
-	 * <li>Returns the SAML artifact, encoded BASE64</li>
+	 * <li><strike>Returns the SAML artifact, encoded BASE64</strike></li>
 	 * </ul>
 	 *
 	 * @param sessionID session ID of the running authentication session
-	 * @return SAML artifact needed for retrieving authentication data, encoded
-	 * BASE64
+	 * @return String "new Session"
 	 */
 	public String getForeignAuthenticationData(AuthenticationSession session)
 			throws AuthenticationException, BuildException, ParseException,
@@ -1382,46 +1381,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		if (session == null)
 			throw new AuthenticationException("auth.10", new Object[]{
 					REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
-
-		//        // post processing of the infoboxes
-		//        Iterator iter = session.getInfoboxValidatorIterator();
-		//        boolean formpending = false;
-		//        if (iter != null) {
-		//            while (!formpending && iter.hasNext()) {
-		//                Vector infoboxValidatorVector = (Vector) iter.next();
-		//                String identifier = (String) infoboxValidatorVector.get(0);
-		//                String friendlyName = (String) infoboxValidatorVector.get(1);
-		//                InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-		//                        .get(2);
-		//                InfoboxValidationResult infoboxValidationResult = null;
-		//                try {
-		//                    infoboxValidationResult = infoboxvalidator.validate(session
-		//                            .getIdentityLink().getSamlAssertion());
-		//                } catch (ValidateException e) {
-		//                    Logger.error("Error validating " + identifier + " infobox:"
-		//                            + e.getMessage());
-		//                    throw new ValidateException("validator.44",
-		//                            new Object[]{friendlyName});
-		//                }
-		//                if (!infoboxValidationResult.isValid()) {
-		//                    Logger.info("Validation of " + identifier
-		//                            + " infobox failed.");
-		//                    throw new ValidateException("validator.40", new Object[]{
-		//                            friendlyName,
-		//                            infoboxValidationResult.getErrorMessage()});
-		//                }
-		//                String form = infoboxvalidator.getForm();
-		//                if (ParepUtils.isEmpty(form)) {
-		//                    AddAdditionalSAMLAttributes(
-		//                            session,
-		//                            infoboxValidationResult.getExtendedSamlAttributes(),
-		//                            identifier, friendlyName);
-		//                } else {
-		//                    return "Redirect to Input Processor";
-		//                }
-		//            }
-		//        }
-
 		VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
 		X509Certificate cert = session.getSignerCertificate();
 		vsresp.setX509certificate(cert);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index bbc704f22..f8b0dbdab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -71,6 +71,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.tasks.GetForeignIDTask;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
@@ -85,6 +86,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
  * Servlet requested for getting the foreign eID
  * provided by the security layer implementation.
  * Utilizes the {@link AuthenticationServer}.
+ * @deprecated Use {@link GetForeignIDTask} instead.
  *
  */
 public class GetForeignIDServlet extends AuthServlet {
@@ -134,6 +136,10 @@ public class GetForeignIDServlet extends AuthServlet {
 
 		Logger.debug("POST GetForeignIDServlet");
 		
+		  if (System.currentTimeMillis() > 0) {
+			  throw new IllegalStateException(getClass().getName() + " should not be called any more.");
+		  }	
+		
 		resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
 		resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
 		resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 36e219a97..77e401899 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -214,7 +214,7 @@ public class VerifyCertificateServlet extends AuthServlet {
 					throw new MOAIDException("session store error", null);
 				}
 		    	
-		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
 		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 	    	}	    		    	 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 3fcdfe150..e94273881 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -53,7 +53,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
@@ -67,7 +66,6 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -207,7 +205,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
                   session.getSessionID());
           
          
-          ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+          ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
           
     	    	
     	    }
@@ -237,7 +235,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
      		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
      		   
      		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)");
-     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+     		  ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
     			
     		}	
     		else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
index d5b869777..7351933c1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -325,7 +325,7 @@ public abstract class AbstractAuthServletTask extends AbstractSpringWebSupported
 	 * @param resp
 	 *            The HttpServletResponse.
 	 */
-	private void setNoCachingHeaders(HttpServletResponse resp) {
+	public void setNoCachingHeaders(HttpServletResponse resp) {
 		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
 		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
 		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
new file mode 100644
index 000000000..da8a3d997
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
@@ -0,0 +1,102 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.</li>
+ * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class CertificateReadRequestTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+		Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+		setNoCachingHeaders(resp);
+
+		String pendingRequestID = null;
+		
+		try {
+		
+			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
+			}
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			boolean useMandate = session.getUseMandate();
+			boolean identityLinkFound = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkFound"));
+			
+			if (!identityLinkFound && useMandate) {
+				Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+				throw new AuthenticationException("auth.13", null);
+			}
+
+			// change MOASessionID
+			AuthenticationSessionStoreage.changeSessionID(session);
+			
+			// create the InfoboxReadRequest to get the certificate
+			String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+			// build dataurl (to the VerifyCertificateSerlvet)
+			String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+					session.getSessionID());
+
+			ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest,
+					AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+		
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+		} finally {
+			ConfigurationDBUtils.closeSession();
+		}		
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
new file mode 100644
index 000000000..602ad527b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
@@ -0,0 +1,183 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Extracts signature and signer certificate.</li>
+ * <li>Send request to SZR Gateway in order to get an identity link.</li>
+ * <li>Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Identity link, QAA level 4 and foreigner flag put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class GetForeignIDTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		Logger.debug("POST GetForeignIDServlet");
+
+		setNoCachingHeaders(resp);
+
+		Map<String, String> parameters;
+
+		try {
+			parameters = getParameters(req);
+		} catch (FileUploadException e) {
+			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+			throw new IOException(e.getMessage());
+		}
+		
+		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+		String pendingRequestID = null;
+		String redirectURL = null;
+		AuthenticationSession session = null;
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+			}
+			String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
+			if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
+				throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
+			}
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+			Logger.debug(xmlCreateXMLSignatureResponse);
+
+			CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
+					.parseResponseDsig();
+
+			try {
+				String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
+				session.setAuthBlock(serializedAssertion);
+
+			} catch (TransformerException e) {
+				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+
+			} catch (IOException e) {
+				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+
+			}
+
+			Element signature = csresp.getDsigSignature();
+
+			try {
+				session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+			} catch (CertificateException e) {
+				Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
+				throw new MOAIDException("auth.14", null);
+			}
+
+			// make SZR request to the identity link
+			CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
+
+			if (null != response.getErrorResponse()) {
+				// TODO fix exception parameter
+				throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(),
+						(String) response.getErrorResponse().getInfo());
+			} else {
+				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
+						response.getIdentityLink()));
+				IdentityLink identitylink = ilParser.parseIdentityLink();
+				session.setIdentityLink(identitylink);
+
+				// set QAA Level four in case of card authentifcation
+				session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
+				AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+
+				// session is implicit stored in changeSessionID!!!!
+				String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+				Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+				Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+				redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+						ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID),
+						newMOASessionID);
+				redirectURL = resp.encodeRedirectURL(redirectURL);
+
+				// TODO[branch]: Final step back to /dispatcher
+
+				try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("Session store error", null);
+				}
+
+				resp.setContentType("text/html");
+				resp.setStatus(302);
+				resp.addHeader("Location", redirectURL);
+				Logger.debug("REDIRECT TO: " + redirectURL);
+			}
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("GetForeignIDServlet has an interal Error.", e);
+
+		}
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/ProcessIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/ProcessIdentityLinkTask.java
new file mode 100644
index 000000000..34ef9b134
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/ProcessIdentityLinkTask.java
@@ -0,0 +1,103 @@
+package at.gv.egovernment.moa.id.auth.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Creates {@code CreateXMLSignatureRequest} for auth block signature.</li>
+ * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @author tknall
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class ProcessIdentityLinkTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
+
+		Logger.debug("Process IdentityLink");
+
+		setNoCachingHeaders(resp);
+		
+		String pendingRequestID = null;
+
+		try {
+			
+			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+			}
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+				
+			Logger.info("Normal");
+
+			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+					session.getPublicOAURLPrefix());
+			AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+			String createXMLSignatureRequest = AuthenticationServer.getInstance()
+					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+
+			AuthenticationSessionStoreage.storeSession(session);
+			
+			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+					createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+					"VerifyIdentityLink");
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("IdentityLinkValidation has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
index 979e64888..ddea4c414 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
@@ -101,7 +101,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
     		
 	    	boolean useMandate = session.getUseMandate();
 	    	
-	    	
 	    	if (useMandate) {
 
 	    		// verify certificate for OrganWalter
@@ -144,7 +143,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				}
 		    	
 	    		// TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
-		    	ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
 		    	
 		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
 	    	}	    		    	 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
index 09dd9e1f7..5b21cd29c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -12,33 +12,26 @@ import org.apache.commons.lang.StringEscapeUtils;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
 import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
 /**
- * Verifies the identity link and prepares auth block signature if identity link provided, or triggers reading the subject's certificate if not provided.<p/>
+ * Verifies the identity link.<p/>
  * In detail:
  * <ul>
  * <li>Renames the moa session id.</li>
- * <li>Parses the identity link retrieves as {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
+ * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
  * <li>Verifies the identity link.</li>
- * <li>Creates the auth block to be signed.</li>
  * <li>Updates moa session.</li>
- * <li>Creates and returns a {@code CreateXMLSignatureRequest} via HttpServletResponse.</li>
+ * <li>Puts boolean flag {@code identityLinkFound} into {@code ExecutionContext}.</li>
  * </ul>
  * Expects:
  * <ul>
@@ -48,17 +41,7 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * Result:
  * <ul>
  * <li>Identity link put into moa session.</li>
- * <li>Returns {@code CreateXMLSignatureRequest} via HttpServletResponse (for CCE).</li>
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case of foreign citizen or in case of mandate
- * <ul>
- * <li>Create {@code InfoBoxReadRequest} for reading the subjects certificate.</li>
- * <li>Set DataURL {@code /VerifyCertificate}.</li>
- * <li>Respond with {@code InfoBoxReadRequest}.</li>
- * </ul>
- * </li>
+ * <li>Boolean flag {@code identityLinkFound} into {@code ExecutionContext}.</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
  * @author tknall
@@ -75,10 +58,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
 		Logger.debug("POST VerifyIdentityLink");
 
-		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+		setNoCachingHeaders(resp);
 		
 		Map<String, String> parameters;
 		String pendingRequestID = null;
@@ -93,62 +73,18 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		try {
 			
 			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			
 			// check parameter
 			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
 				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
 			}
-
 			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
 
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
-			// change MOASessionID
-			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
 			boolean identityLinkFound = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
-			boolean useMandate = session.getUseMandate();
-			
-			if (!identityLinkFound && useMandate) {
-				Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
-				throw new AuthenticationException("auth.13", null);
-			}
-			
-			if (!identityLinkFound || useMandate) {
-			
-				// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-				Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-
-				// create the InfoboxReadRequest to get the certificate
-				String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-				// build dataurl (to the VerifyCertificateSerlvet)
-				String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
-						session.getSessionID());
-
-				AuthenticationSessionStoreage.storeSession(session);
-				
-				ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest,
-						AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-			} else {
-				
-				Logger.info("Normal");
-
-				// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
-
-				OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-						session.getPublicOAURLPrefix());
-				AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
-				String createXMLSignatureRequest = AuthenticationServer.getInstance()
-						.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
-
-				AuthenticationSessionStoreage.storeSession(session);
-				
-				ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
-						createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
-						"VerifyIdentityLink");
-			}
+			AuthenticationSessionStoreage.storeSession(session);
+
+			executionContext.put("identityLinkFound", identityLinkFound);
 
 		} catch (ParseException ex) {
 			handleError(null, ex, req, resp, pendingRequestID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index 56e59a4aa..3dbc0ab7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -113,14 +113,13 @@ public class ServletUtils {
    * depending on the requests starting text.
    * 
    * @param resp The httpServletResponse
-   * @param session The current AuthenticationSession
    * @param createXMLSignatureRequestOrRedirect The request
    * @param servletGoal The servlet to which the redirect should happen
    * @param servletName The servlet name for debug purposes
    * @throws MOAIDException
    * @throws IOException
    */
-  public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) 
+  public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL) 
   throws MOAIDException,
          IOException
   { 
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index 8ac58bd4b..f3555df2a 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -10,6 +10,9 @@
 	<pd:Task id="verifyAuthBlock"        class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
 	<pd:Task id="verifyCertificate"      class="at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask"         async="true" />
 	<pd:Task id="getMISSessionID"        class="at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest" class="at.gv.egovernment.moa.id.auth.tasks.CertificateReadRequestTask" />
+	<pd:Task id="processIdentityLink"    class="at.gv.egovernment.moa.id.auth.tasks.ProcessIdentityLinkTask" />
+	<pd:Task id="getForeignID"           class="at.gv.egovernment.moa.id.auth.tasks.GetForeignIDTask"              async="true" />
 
 	<pd:StartEvent id="start" />
 	
@@ -17,15 +20,21 @@
 	
 	<pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
 	
-	<pd:Transition from="verifyIdentityLink"     to="verifyCertificate" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyIdentityLink"     to="verifyAuthBlock" />
+	<pd:Transition from="verifyIdentityLink"     to="certificateReadRequest" conditionExpression="!ctx['identityLinkFound'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"     to="processIdentityLink" />
 	
-	<pd:Transition from="verifyCertificate"      to="verifyAuthBlock" />
+	<pd:Transition from="processIdentityLink"    to="verifyAuthBlock" />
+	
+	<pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+	
+	<pd:Transition from="verifyCertificate"      to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"      to="getForeignIDTask" />
 	
 	<pd:Transition from="verifyAuthBlock"        to="getMISSessionID" conditionExpression="ctx['useMandate']" />
 	<pd:Transition from="verifyAuthBlock"        to="end" />
 	
 	<pd:Transition from="getMISSessionID"        to="end" />
+	<pd:Transition from="getForeignID"           to="end" />
 	
 	<pd:EndEvent id="end" />
 
-- 
cgit v1.2.3


From b187c1470167335ad6142b9b8b730e106348a8f8 Mon Sep 17 00:00:00 2001
From: Gerwin Gsenger <g.gsenger@datentechnik-innovation.at>
Date: Wed, 28 Jan 2015 10:31:33 +0100
Subject: implement ModuleRegistry, implement standard moaid process, start
 ModuleRegistry at moa-id startup, fix typo in package name

---
 .../src/main/webapp/WEB-INF/applicationContext.xml |   2 +-
 .../id/moduls/moduleregistration/AuthModule.java   |  40 ++++++
 .../moduls/moduleregistration/AuthModuleImpl.java  |  23 ++++
 .../moduleregistration/ModuleRegistration.java     | 140 +++++++++++++++++++++
 .../id/moduls/modulregistration/AuthModule.java    |  40 ------
 .../modulregistration/ModuleRegistration.java      |  29 -----
 ...ment.moa.id.moduls.modulregistration.AuthModule |   2 +
 7 files changed, 206 insertions(+), 70 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/AuthModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/ModuleRegistration.java
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 0f9f05baa..a4a06d24a 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -27,5 +27,5 @@
 	</task:scheduled-tasks>
 	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
-
+	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.modulregistration.ModuleRegistration" factory-method="getInstance" />
 </beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
new file mode 100644
index 000000000..35273cd2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
@@ -0,0 +1,40 @@
+package at.gv.egovernment.moa.id.moduls.moduleregistration;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.model.ProcessDefinition;
+
+/**
+ * Defines the module capabilities.
+ */
+public interface AuthModule {
+
+	/**
+	 * Returns the priority of the module. The priority defines the place in the
+	 * order of modules. The module with a highest priority is asked first, if
+	 * it has a process which can do an authentication.
+	 * 
+	 * @return the priority of the module.
+	 */
+	int getPriority();
+
+	/**
+	 * Checks if the module has a process, which is able to perform an authentication
+	 * with the given {@link ExecutionContext}.
+	 * 
+	 * @param context
+	 *            an ExecutionContext for a process.
+	 * @return the process-ID of a process which is able to work with the given
+	 *         ExecutionContext, or {@code null}.
+	 */
+	String selectProcess(ExecutionContext context);
+
+	/**
+	 * Returns the an Array of {@link ProcessDefinition}s of the processes
+	 * included in this module.
+	 * 
+	 * @return an array of resource uris of the processes included in this
+	 *         module.
+	 */
+	String[] getProcessDefinitions();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
new file mode 100644
index 000000000..cbe5c5932
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.moduls.moduleregistration;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class AuthModuleImpl implements AuthModule {
+
+	@Override
+	public int getPriority() {
+		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
+		return 0;
+	}
+
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		return context.get("ccc") == null ? "DefaultAuthentication" : null;
+	}
+
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "DefaultAuthentication" };
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
new file mode 100644
index 000000000..522e5c7eb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
@@ -0,0 +1,140 @@
+package at.gv.egovernment.moa.id.moduls.moduleregistration;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.ServiceLoader;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.core.io.Resource;
+
+import com.datentechnik.process_engine.ProcessEngine;
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * This class handles registering modules. The modules are detected either with
+ * the ServiceLoader mechanism or via Spring. All detected modules are ranked
+ * according to their priority.
+ */
+public class ModuleRegistration {
+
+	private static ModuleRegistration instance = new ModuleRegistration();
+
+	private List<AuthModule> orderedModules = new ArrayList<>();
+
+	@Autowired
+	private ApplicationContext ctx;
+
+	@Autowired
+	ProcessEngine processEngine;
+
+	private Logger log = LoggerFactory.getLogger(getClass());
+
+	public static ModuleRegistration getInstance() {
+		return instance;
+	}
+
+	private ModuleRegistration() {
+	}
+
+	@PostConstruct
+	private void init() {
+		// load modules via the ServiceLoader
+		initServiceLoaderModules();
+
+		// load modules via Spring
+		initSpringModules();
+
+		// order modules according to their priority
+		orderModules();
+	}
+
+	/**
+	 * Discovers modules which use the ServiceLoader mechanism.
+	 */
+	private void initServiceLoaderModules() {
+		log.debug("Discovering modules which use the ServiceLoader mechanism.");
+		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
+		Iterator<AuthModule> modules = loader.iterator();
+		while (modules.hasNext()) {
+			AuthModule module = modules.next();
+			registerResourceUris(module);
+			orderedModules.add(module);
+		}
+	}
+
+	/**
+	 * Discovers modules which use Spring.
+	 */
+	private void initSpringModules() {
+		log.debug("Discovering Spring modules.");
+		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
+		for (AuthModule module : modules.values()) {
+			registerResourceUris(module);
+			orderedModules.add(module);
+		}
+	}
+
+	/**
+	 * Registers the resource uris for the module.
+	 * 
+	 * @param module
+	 *            the module.
+	 */
+	private void registerResourceUris(AuthModule module) {
+		for (String uri : module.getProcessDefinitions()) {
+			Resource resource = ctx.getResource(uri);
+			if (resource.exists()) {
+				log.debug("Registering process definition resource url: '{}'.", resource);
+				// TODO: register resource with the process engine
+				// processEngine.registerResourceUri(resource);
+			} else {
+				log.info("Resource url: '{}' does NOT exist.", resource);
+			}
+		}
+	}
+
+	/**
+	 * Order the modules in descending order according to their priority.
+	 */
+	private void orderModules() {
+		Collections.sort(orderedModules, new Comparator<AuthModule>() {
+			@Override
+			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
+				int thisOrder = thisAuthModule.getPriority();
+				int otherOrder = otherAuthModule.getPriority();
+				return (thisOrder < otherOrder ? -1 : (thisOrder == otherOrder ? 0 : 1));
+			}
+		});
+		log.debug("Modules are ordered in descending order, according to their priority.");
+	}
+
+	/**
+	 * Returns the process id of the first process, in the highest ranked
+	 * module, which is able to work with the given execution context.
+	 * 
+	 * @param context
+	 *            the {@link ExecutionContext}.
+	 * @return the process id or {@code null}
+	 */
+	public String selectProcess(ExecutionContext context) {
+		for (AuthModule module : orderedModules) {
+			String id = module.selectProcess(context);
+			if (StringUtils.isNotEmpty(id)) {
+				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
+				return id;
+			}
+		}
+		log.info("No process is able to handle context '{}'.", context);
+		return null;
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/AuthModule.java
deleted file mode 100644
index 6ee18c0ab..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/AuthModule.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package at.gv.egovernment.moa.id.moduls.modulregistration;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-import com.datentechnik.process_engine.model.ProcessDefinition;
-
-/**
- * Defines the module capabilities.
- */
-public interface AuthModule {
-
-	/**
-	 * Returns the priority of the module. The priority defines the place in the
-	 * order of modules. The module with a highest priority is asked first, if
-	 * it has a process which can do an authentication.
-	 * 
-	 * @return the priority of the module.
-	 */
-	int getPriority();
-
-	/**
-	 * Checks if the module has a process, which is able to do an authentication
-	 * with the given {@link ExecutionContext}.
-	 * 
-	 * @param context
-	 *            an ExecutionContext for a process.
-	 * @return the process-ID of a process which is able to work with the given
-	 *         ExecutionContext, or {@code null}.
-	 */
-	String selectProcess(ExecutionContext context);
-
-	/**
-	 * Returns the an Array of {@link ProcessDefinition}s of the processes
-	 * included in this module.
-	 * 
-	 * @return an array of resource uris of the processes included in this
-	 *         module.
-	 */
-	String[] getProcessDefinitions();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/ModuleRegistration.java
deleted file mode 100644
index fc352742d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/modulregistration/ModuleRegistration.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package at.gv.egovernment.moa.id.moduls.modulregistration;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-public class ModuleRegistration {
-
-	private static ModuleRegistration instance;
-
-	public static ModuleRegistration getInstance() {
-		if (instance == null) {
-			instance = new ModuleRegistration();
-		}
-		return instance;
-	}
-
-	private ModuleRegistration() {
-		initRegistry();
-	}
-
-	private void initRegistry() {
-		// TODO: use ServiceLoader and Spring to find all modules
-	}
-
-	public String selectProcess(ExecutionContext context) {
-		// TODO: implement
-		return null;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
new file mode 100644
index 000000000..0d7e98006
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.moduls.modulregistration.AuthModuleImpl
\ No newline at end of file
-- 
cgit v1.2.3


From d45b41a740a6267c78a6ea27b7617c3d317db837 Mon Sep 17 00:00:00 2001
From: Christian Wagner <c.wagner@datentechnik-innovation.com>
Date: Thu, 29 Jan 2015 08:18:00 +0100
Subject: integrate process engine from project 'dti-process-engine' -
 INCOMPLETE!

  - commit neccessary in order to avoid blocking the development process

additional small fix due to earlier package renaming
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |   6 +-
 id/server/idserverlib/pom.xml                      |   5 -
 .../moa/id/process/ExecutionContextImpl.java       |  79 ++++
 .../process/ExpressionEvaluationContextImpl.java   |  44 ++
 .../moa/id/process/ProcessDefinitionParser.java    | 224 ++++++++++
 .../process/ProcessDefinitionParserException.java  |  35 ++
 .../egovernment/moa/id/process/ProcessEngine.java  | 113 +++++
 .../moa/id/process/ProcessEngineImpl.java          | 304 +++++++++++++
 .../moa/id/process/ProcessExecutionException.java  |  36 ++
 .../moa/id/process/ProcessInstance.java            | 166 +++++++
 .../moa/id/process/ProcessInstanceState.java       |  30 ++
 .../moa/id/process/api/ExecutionContext.java       |  63 +++
 .../process/api/ExpressionEvaluationContext.java   |  23 +
 .../moa/id/process/api/ExpressionEvaluator.java    |  25 ++
 .../at/gv/egovernment/moa/id/process/api/Task.java |  21 +
 .../egovernment/moa/id/process/model/EndEvent.java |  42 ++
 .../moa/id/process/model/ProcessDefinition.java    | 158 +++++++
 .../moa/id/process/model/ProcessNode.java          |  69 +++
 .../moa/id/process/model/StartEvent.java           |  45 ++
 .../egovernment/moa/id/process/model/TaskInfo.java |  94 ++++
 .../moa/id/process/model/Transition.java           | 136 ++++++
 .../process/spring/SpringExpressionEvaluator.java  |  61 +++
 .../springweb/AbstractAuthSourceServlet.java       | 116 +++++
 .../springweb/AbstractSpringWebSupportedTask.java  |  73 +++
 .../moa/id/process/support/SecureRandomHolder.java |  35 ++
 ...ent.moa.id.moduls.moduleregistration.AuthModule |   2 +
 ...ment.moa.id.moduls.modulregistration.AuthModule |   2 -
 .../moa/id/process/ProcessDefinition.xsd           |  53 +++
 ...mpleProcessDefinitionForSAML1Authentication.xml |  54 +++
 .../SampleProcessDefinitionWithExpression1.xml     |  19 +
 ...ingExpressionAwareProcessEngineTest-context.xml |  30 ++
 .../test/SpringExpressionEvaluatorTest-context.xml |  14 +
 .../test/task/IdentityLink_Max_Mustermann.xml      |  52 +++
 .../id/process/spring/test/task/SAML1Assertion.xml | 487 +++++++++++++++++++++
 .../process/spring/test/task/SignedAuthBlock.xml   | 179 ++++++++
 35 files changed, 2886 insertions(+), 9 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
 create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/IdentityLink_Max_Mustermann.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SAML1Assertion.xml
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignedAuthBlock.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index a4a06d24a..ce8fe8971 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -9,16 +9,18 @@
 
 	<context:annotation-config />
 
-	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
+	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
 			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
+	<!--
 		<property name="processDefinitions">
 			<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionsFactoryBean">
 				<property name="resources" value="classpath:resources/processes/*.process.xml" />
 			</bean>
 		</property>
+	-->
 	</bean>
 	
 	<task:scheduler id="taskScheduler" pool-size="1" />
@@ -27,5 +29,5 @@
 	</task:scheduled-tasks>
 	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
-	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.modulregistration.ModuleRegistration" factory-method="getInstance" />
+	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
 </beans>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 530e00d74..0b3319111 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -406,11 +406,6 @@
 			</exclusions>
 		</dependency>
 
-		<dependency>
-			<groupId>com.datentechnik.process-engine</groupId>
-			<artifactId>dti-process-engine-spring-web</artifactId>
-			<version>${com.datentechnik.process-engine.version}</version>
-		</dependency>
 		<dependency>
 			<groupId>javax.servlet</groupId>
 			<artifactId>javax.servlet-api</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
new file mode 100644
index 000000000..87ee57a24
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExecutionContextImpl.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.process;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * ExecutionContext implementation, related to a certain process instance.
+ * 
+ * @author tknall
+ * 
+ */
+public class ExecutionContextImpl implements ExecutionContext {
+
+	private static final long serialVersionUID = 1L;
+
+	private Map<String, Serializable> ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>());
+
+	private String processInstanceId;
+
+	/**
+	 * Creates a new instance.
+	 */
+	public ExecutionContextImpl() {
+	}
+
+	/**
+	 * Creates a new instance and associated it with a certain process instance.
+	 */
+	public ExecutionContextImpl(String processInstanceId) {
+		this.processInstanceId = processInstanceId;
+	}
+
+	@Override
+	public void setProcessInstanceId(String processInstanceId) {
+		this.processInstanceId = processInstanceId;
+	}
+
+	@Override
+	public String getProcessInstanceId() {
+		return processInstanceId;
+	}
+
+	@Override
+	public Serializable get(String key) {
+		return ctxData.get(key);
+	}
+
+	@Override
+	public Serializable remove(String key) {
+		return ctxData.remove(key);
+	}
+
+	@Override
+	public void put(String key, Serializable object) {
+		ctxData.put(key, object);
+	}
+
+	@Override
+	public Set<String> keySet() {
+		return Collections.unmodifiableSet(ctxData.keySet());
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		builder.append("ExecutionContextImpl [");
+		builder.append("id=").append(processInstanceId);
+		builder.append(", variables=");
+		builder.append(ctxData.keySet());
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
new file mode 100644
index 000000000..acc10449f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ExpressionEvaluationContextImpl.java
@@ -0,0 +1,44 @@
+package at.gv.egovernment.moa.id.process;
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.api.ExpressionEvaluationContext;
+
+/**
+ * Context implementation used for expression evaluation only.
+ * 
+ * @author tknall
+ * 
+ */
+public class ExpressionEvaluationContextImpl implements ExpressionEvaluationContext {
+
+	private static final long serialVersionUID = 1L;
+
+	private Map<String, Serializable> ctxData;
+
+	/**
+	 * Creates a new instance and initializes it with data from a given process instance.
+	 * 
+	 * @param processInstance
+	 *            The process instance.
+	 */
+	ExpressionEvaluationContextImpl(ProcessInstance processInstance) {
+		ExecutionContext executionContext = processInstance.getExecutionContext();
+		Set<String> keys = executionContext.keySet();
+		ctxData = Collections.synchronizedMap(new HashMap<String, Serializable>(keys.size()));
+		for (String key : keys) {
+			ctxData.put(key, executionContext.get(key));
+		}
+	}
+
+	@Override
+	public Map<String, Serializable> getCtx() {
+		return Collections.unmodifiableMap(ctxData);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
new file mode 100644
index 000000000..b38bb7aa0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
@@ -0,0 +1,224 @@
+package at.gv.egovernment.moa.id.process;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Objects;
+
+import javax.xml.XMLConstants;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLStreamConstants;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+import javax.xml.stream.util.EventReaderDelegate;
+import javax.xml.transform.stax.StAXSource;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import javax.xml.validation.Validator;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.xml.sax.SAXException;
+
+import com.datentechnik.process_engine.model.EndEvent;
+import com.datentechnik.process_engine.model.ProcessDefinition;
+import com.datentechnik.process_engine.model.ProcessNode;
+import com.datentechnik.process_engine.model.StartEvent;
+import com.datentechnik.process_engine.model.TaskInfo;
+import com.datentechnik.process_engine.model.Transition;
+
+/**
+ * Parses an XML representation of a process definition as defined by the respective XML schema.
+ * <p/
+ * The parser is thread-safe.
+ * @author tknall
+ *
+ */
+public class ProcessDefinitionParser {
+	
+	private static final String NS = "http://www.datentechnik.com/process-engine/processdefinition/v1";
+	
+	private static Logger log = LoggerFactory.getLogger(ProcessDefinitionParser.class);
+
+	private static class LazyProcessDefinitionSchemaHolder {
+		private static final Schema PD_SCHEMA_INSTANCE;
+		static {
+			try (InputStream in = ProcessDefinitionParser.class.getResourceAsStream("ProcessDefinition.xsd")) {
+				log.trace("Compiling process definition schema.");
+				SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+				// schema is thread-safe
+				PD_SCHEMA_INSTANCE = factory.newSchema(new StreamSource(in));
+			} catch (Exception e) {
+				throw new RuntimeException("Unable to compile process definition schema.", e);
+			}
+		}
+	}
+
+	/**
+	 * Parses an XML representation of a process definition. The representation is being validated in order to suffice
+	 * the related XML schema.
+	 * 
+	 * @param processDefinitionInputStream
+	 *            The process definition.
+	 * @return A new process definition.
+	 * @throws ProcessDefinitionParserException
+	 *             Thrown in case of error parsing the process definition.
+	 */
+	public ProcessDefinition parse(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException {
+		XMLEventReader reader = null;
+		final ProcessDefinition pd = new ProcessDefinition();
+		log.debug("Parsing and validating process definition.");
+		try {
+
+			// Standard implementation of XMLInputFactory seems not to be thread-safe
+			XMLInputFactory inputFactory = XMLInputFactory.newInstance();
+			reader = inputFactory.createXMLEventReader(processDefinitionInputStream);
+
+			final List<StartElement> transitionElements = new ArrayList<>();
+			final List<StartEvent> startEvents = new ArrayList<>();
+			
+			reader = new EventReaderDelegate(reader) {
+
+				@Override
+				public XMLEvent nextEvent() throws XMLStreamException {
+					XMLEvent event = super.nextEvent();
+
+					switch (event.getEventType()) {
+					case XMLStreamConstants.START_ELEMENT:
+						StartElement element = event.asStartElement();
+						QName qname = element.getName();
+						
+						if (NS.equals(qname.getNamespaceURI())) {
+							log.trace("Found process description element '{}'.", qname.getLocalPart());
+							Attribute id = element.getAttributeByName(new QName("id"));
+							
+							switch (qname.getLocalPart()) {
+							case "ProcessDefinition":
+								if (id != null) {
+									pd.setId(id.getValue());
+								}
+								break;
+							case "StartEvent":
+								StartEvent startEvent = new StartEvent();
+								if (id != null) {
+									startEvent.setId(id.getValue());
+								}
+								startEvents.add(startEvent);
+								break;
+							case "EndEvent":
+								EndEvent endEvent = new EndEvent();
+								if (id != null) {
+									endEvent.setId(id.getValue());
+									pd.getEndEvents().put(id.getValue(), endEvent);
+								}
+								break;
+							case "Transition":
+								transitionElements.add(element);
+								break;
+							case "Task":
+								TaskInfo taskInfo = new TaskInfo();
+								if (id != null) {
+									taskInfo.setId(id.getValue());
+									pd.getTaskInfos().put(id.getValue(), taskInfo);
+								}
+								Attribute async = element.getAttributeByName(new QName("async"));
+								if (async != null) {
+									taskInfo.setAsync(Boolean.valueOf(async.getValue()));
+								}
+								Attribute implementingClass = element.getAttributeByName(new QName("class"));
+								if (implementingClass != null) {
+									taskInfo.setTaskImplementingClass(implementingClass.getValue());
+								}
+								break;
+							}
+							
+						}
+						
+						break;
+					}
+
+					return event;
+				}
+
+			};
+
+			// validator is not thread-safe
+			Validator validator = LazyProcessDefinitionSchemaHolder.PD_SCHEMA_INSTANCE.newValidator();
+			validator.validate(new StAXSource(reader));
+			log.trace("Process definition successfully schema validated.");
+
+			// perform some basic checks
+			log.trace("Building model and performing some plausibility checks.");
+			if (startEvents.size() != 1) {
+				throw new ProcessDefinitionParserException("A ProcessDefinition must contain exactly one single StartEvent.");
+			}
+			pd.setStartEvent(startEvents.get(0));
+			
+			// link transitions
+			Iterator<StartElement> transitions = transitionElements.iterator();
+			while (transitions.hasNext()) {
+				StartElement element = transitions.next();
+				Transition transition = new Transition();
+				Attribute id = element.getAttributeByName(new QName("id"));
+				if (id != null) {
+					transition.setId(id.getValue());
+				}
+				Attribute conditionExpression = element.getAttributeByName(new QName("conditionExpression"));
+				if (conditionExpression != null) {
+					transition.setConditionExpression(conditionExpression.getValue());
+				}
+				Attribute from = element.getAttributeByName(new QName("from"));
+				if (from != null) {
+					ProcessNode fromNode = pd.getProcessNode(from.getValue());
+					if (fromNode == null) {
+						throw new ProcessDefinitionParserException("Transition's 'from'-attribute refers to a non-existing event or task '" + from.getValue() + '.');
+					}
+					if (fromNode instanceof EndEvent) {
+						throw new ProcessDefinitionParserException("Transition cannot start from end event.");
+					}
+					transition.setFrom(fromNode);
+					fromNode.getOutgoingTransitions().add(transition);
+				}
+				Attribute to = element.getAttributeByName(new QName("to"));
+				if (to != null) {
+					ProcessNode toNode = pd.getProcessNode(to.getValue());
+					if (toNode == null) {
+						throw new ProcessDefinitionParserException("Transition's 'to'-attribute refers to a non-existing event or task '" + to.getValue() + '.');
+					}
+					transition.setTo(toNode);
+					toNode.getIncomingTransitions().add(transition);
+				}
+				if (transition.getConditionExpression() == null && Objects.equals(transition.getFrom(), transition.getTo())) {
+					throw new ProcessDefinitionParserException("Transition's 'from' equals its 'to'. Since no 'conditionExpression' has been set this will cause a loop.");
+				}
+			}
+			log.debug("Process definition '{}' successfully parsed.", pd.getId());
+			return pd;
+
+		} catch (ProcessDefinitionParserException e) {
+			throw e;
+		} catch (XMLStreamException|IOException e) {
+			throw new ProcessDefinitionParserException("Unable to read process definition from inputstream.", e);
+		} catch (SAXException e) {
+			throw new ProcessDefinitionParserException("Schema validation of process description failed.", e);
+		} catch (Exception e) {
+			throw new ProcessDefinitionParserException("Internal error creating process definition from inputstream.", e);
+		} finally {
+			if (reader != null) {
+				try {
+					reader.close();
+				} catch (XMLStreamException e) {
+					// error freeing resources
+				}
+			}
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
new file mode 100644
index 000000000..0c214750d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParserException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.process;
+
+/**
+ * Exception thrown in case of error parsing a process definition.
+ * 
+ * @author tknall
+ * 
+ */
+public class ProcessDefinitionParserException extends Exception {
+
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Creates a new parser exception providing a {@code message} describing the reason and the {@code cause}.
+	 * 
+	 * @param message
+	 *            The message.
+	 * @param cause
+	 *            The cause.
+	 */
+	public ProcessDefinitionParserException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	/**
+	 * Creates a new parser exception providing a {@code message} describing the reason.
+	 * 
+	 * @param message
+	 *            The message.
+	 */
+	public ProcessDefinitionParserException(String message) {
+		super(message);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
new file mode 100644
index 000000000..b4135ee41
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -0,0 +1,113 @@
+package at.gv.egovernment.moa.id.process;
+
+
+import java.io.InputStream;
+import java.io.Serializable;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.model.ProcessDefinition;
+
+/**
+ * Process engine providing means for starting and resuming processes.
+ * 
+ * @author tknall
+ */
+public interface ProcessEngine {
+
+	/**
+	 * Registers a new process definition. Note that existing definitions with the same identifier will be replaced.
+	 * 
+	 * @param processDefinition
+	 *            The process definition to be registered.
+	 */
+	void registerProcessDefinition(ProcessDefinition processDefinition);
+
+	/**
+	 * Registers a new process definition given as {@link InputStream}. Note that existing definitions with the same identifier will be replaced.
+	 *
+	 * @param processDefinitionInputStream The input stream to the definition to be registered.
+	 * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition.
+	 */
+	void registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
+
+	/**
+	 * Creates a process instance according to the referenced process definition.
+	 * <p/>
+	 * Note that the method returns a process instance which will be needed in order to start a process or to continue
+	 * process execution after asynchronous task execution (refer to {@link #start(ProcessInstance)} and
+	 * {@link #signal(ProcessInstance)} for further information).
+	 * 
+	 * @param processDefinitionId
+	 *            The identifier of the respective process definition.
+	 * @param executionContext The execution context (may be {@code null}).
+	 * @return The newly created process instance (never {@code null}).
+	 * @throws ProcessExecutionException
+	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
+	 */
+	ProcessInstance createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException;
+
+	/**
+	 * Creates a process instance according to the referenced process definition.
+	 * <p/>
+	 * Note that the method returns a process instance which will be needed in order to start a process or to continue
+	 * process execution after asynchronous task execution (refer to {@link #start(ProcessInstance)} and
+	 * {@link #signal(ProcessInstance)} for further information).
+	 * 
+	 * @param processDefinitionId
+	 *            The identifier of the respective process definition.
+	 * @return The newly created process instance (never {@code null}).
+	 * @throws ProcessExecutionException
+	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
+	 */
+	ProcessInstance createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
+
+	/**
+	 * Returns the process instance with a given {@code processInstanceId}.
+	 * 
+	 * @param processInstanceId
+	 *            The process instance id.
+	 * @return The process instance (never {@code null}).
+	 * @throws IllegalArgumentException
+	 *             In case the process instance does not/no longer exist.
+	 */
+	ProcessInstance getProcessInstance(String processInstanceId);
+
+	/**
+	 * Starts the process using the given {@code processInstance}.
+	 * 
+	 * @param processInstance
+	 *            The process instance.
+	 * @throws ProcessExecutionException
+	 *             Thrown in case of error.
+	 */
+	void start(ProcessInstance processInstance) throws ProcessExecutionException;
+
+	/**
+	 * Resumes process execution after an asynchronous task has been executed.
+	 * 
+	 * @param processInstance
+	 *            The process instance.
+	 * @throws ProcessExecutionException
+	 *             Thrown in case of error.
+	 */
+	void signal(ProcessInstance processInstance) throws ProcessExecutionException;
+
+	/**
+	 * Performs cleanup, removing all process instances that have not been used for a certain time.
+	 * 
+	 * @see #setProcessInstanceMaxIdleTimeSeconds(long)
+	 */
+	void cleanup();
+
+	/**
+	 * Returns the first process instance with a process context containing some {@code value} stored under key {@code key}.
+	 * 
+	 * @param key
+	 *            The key.
+	 * @param value
+	 *            The value that needs to match.
+	 * @return The process instance or {@code null} in case no process instance was found.
+	 */
+	ProcessInstance findProcessInstanceWith(String key, Serializable value);
+
+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
new file mode 100644
index 000000000..8f9d73b3d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -0,0 +1,304 @@
+package at.gv.egovernment.moa.id.process;
+
+import java.io.InputStream;
+import java.io.Serializable;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.collections4.Predicate;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.slf4j.MDC;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.api.ExpressionEvaluationContext;
+import com.datentechnik.process_engine.api.ExpressionEvaluator;
+import com.datentechnik.process_engine.api.Task;
+import com.datentechnik.process_engine.model.EndEvent;
+import com.datentechnik.process_engine.model.ProcessDefinition;
+import com.datentechnik.process_engine.model.ProcessNode;
+import com.datentechnik.process_engine.model.StartEvent;
+import com.datentechnik.process_engine.model.TaskInfo;
+import com.datentechnik.process_engine.model.Transition;
+
+/**
+ * Process engine implementation allowing starting and continuing processes as well as providing means for cleanup actions.
+ * @author tknall
+ *
+ */
+public class ProcessEngineImpl implements ProcessEngine {
+	
+	private Logger log = LoggerFactory.getLogger(getClass());
+	
+	private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
+
+	private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
+	private Map<String, ProcessInstance> processInstances = new ConcurrentHashMap<String, ProcessInstance>();
+	
+	private final static String MDC_CTX_PI_NAME = "processInstanceId";
+	private final static String MDC_CTX_TASK_NAME = "taskId";
+	
+	private static final long DEFAULT_PROCESS_INSTANCE_MAX_AGE_SECONDS = 3600;
+	private long processInstanceIdleTimeSeconds = DEFAULT_PROCESS_INSTANCE_MAX_AGE_SECONDS;
+	private ExpressionEvaluator transitionConditionExpressionEvaluator;
+	
+	@Override
+	public void registerProcessDefinition(ProcessDefinition processDefinition) {
+		log.info("Registering process definition '{}'.", processDefinition.getId());
+		processDefinitions.put(processDefinition.getId(), processDefinition);
+	}
+
+	@Override
+	public void registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{
+		registerProcessDefinition(pdp.parse(processDefinitionInputStream));
+	}
+
+	/**
+	 * Sets the process definitions.
+	 * 
+	 * @param processDefinitions
+	 *            The process definitions.
+	 * @throws IllegalArgumentException
+	 *             In case the process definitions contain definitions with the same identifier.
+	 */
+	public void setProcessDefinitions(Iterable<ProcessDefinition> processDefinitions) {
+		this.processDefinitions.clear();
+		for (ProcessDefinition pd : processDefinitions) {
+			if (this.processDefinitions.containsKey(pd.getId())) {
+				throw new IllegalArgumentException("Duplicate process definition identifier '" + pd.getId() + "'.");
+			}
+			registerProcessDefinition(pd);
+		}
+	}
+	
+	/**
+	 * Defines the time frame in seconds an idle process instance will be managed by the process engine. A process
+	 * instance with an idle time larger than the given time will be removed.
+	 * <p/>
+	 * Note that {@link #cleanup()} needs to be called in order to remove expired process instances.
+	 * 
+	 * @param processInstanceMaxIdleTimeSeconds
+	 *            The maximum idle time in seconds.
+	 */
+	public void setProcessInstanceMaxIdleTimeSeconds(long processInstanceMaxIdleTimeSeconds) {
+		this.processInstanceIdleTimeSeconds = processInstanceMaxIdleTimeSeconds;
+	}
+
+	/**
+	 * Sets an expression evaluator that should be used to process transition condition expressions.
+	 * @param transitionConditionExpressionEvaluator The expression evaluator.
+	 */
+	public void setTransitionConditionExpressionEvaluator(
+			ExpressionEvaluator transitionConditionExpressionEvaluator) {
+		this.transitionConditionExpressionEvaluator = transitionConditionExpressionEvaluator;
+	}
+	
+
+	@Override
+	public ProcessInstance createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException {
+		// look for respective process definition
+		ProcessDefinition pd = processDefinitions.get(processDefinitionId);
+		if (pd == null) {
+			throw new ProcessExecutionException("Unable to find process definition for process '" + processDefinitionId + "'.");
+		}
+		// create and keep process instance
+		ProcessInstance pi = new ProcessInstance(pd, executionContext);
+		log.info("Creating process instance from process definition '{}': {}", processDefinitionId, pi.getId());
+		processInstances.put(pi.getId(), pi);
+		return pi;
+	}
+
+	@Override
+	public ProcessInstance createProcessInstance(String processDefinitionId) throws ProcessExecutionException {
+		return createProcessInstance(processDefinitionId, null);
+	}
+
+	@Override
+	public void start(ProcessInstance pi) throws ProcessExecutionException {
+		MDC.put(MDC_CTX_PI_NAME, pi.getId());
+		try {
+			if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
+				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ").");
+			}
+			log.info("Starting process instance '{}'.", pi.getId());
+			// execute process
+			pi.setState(ProcessInstanceState.STARTED);
+			execute(pi);
+		} finally {
+			MDC.remove(MDC_CTX_PI_NAME);
+		}
+	}
+	
+	@Override
+	public void signal(ProcessInstance pi) throws ProcessExecutionException {
+		MDC.put(MDC_CTX_PI_NAME, pi.getId());
+		try {
+			if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
+				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ").");
+			}
+			log.info("Waking up process instance '{}'.", pi.getId());
+			pi.setState(ProcessInstanceState.STARTED);
+			execute(pi);
+		} finally {
+			MDC.remove(MDC_CTX_PI_NAME);
+		}
+	}
+	
+	@Override
+	public synchronized void cleanup() {
+		log.trace("Cleanup job started.");
+		Iterator<Entry<String, ProcessInstance>> it = processInstances.entrySet().iterator();
+		while (it.hasNext()) {
+			Entry<String, ProcessInstance> entry = it.next();
+			ProcessInstance pi = entry.getValue();
+			log.trace("Checking process instance {}.", pi);
+			long ageMillis = new Date().getTime() - pi.getLru().getTime();
+			if (ageMillis > processInstanceIdleTimeSeconds * 1000) {
+				log.info("Removing process instance '{}'.", pi.getId());
+				processInstances.remove(entry.getKey());
+			}
+		}
+		log.trace("Cleanup job completed.");
+	}
+
+	/**
+	 * Instantates a task implementation given by a {@link TaskInfo}.
+	 * @param ti The task info.
+	 * @return A Task implementation or {@code null} if the task info does not reference any task implementing classes.
+	 * @throws ProcessExecutionException Thrown in case of error (when the referenced class does not implement {@link Task} for instance).
+	 */
+	private Task createTaskInstance(TaskInfo ti) throws ProcessExecutionException {
+		String clazz = StringUtils.trimToNull(ti.getTaskImplementingClass());
+		Task task = null;
+		
+		if (clazz != null) {
+			log.debug("Instantiating task implementing class '{}'.", clazz);
+			Class<?> instanceClass = null;
+			try {
+				instanceClass = Class.forName(clazz, true, Thread.currentThread().getContextClassLoader());
+			} catch (Exception e) {
+				throw new ProcessExecutionException("Unable to get class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
+			}
+			if (!Task.class.isAssignableFrom(instanceClass)) {
+				throw new ProcessExecutionException("Class '" + clazz + "' associated with task '" + ti.getId() + "' is not assignable to " + Task.class.getName() + ".");
+			}
+			try {
+				task = (Task) instanceClass.newInstance();
+			} catch (Exception e) {
+				throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
+			}
+		}
+		
+		return task;
+	}
+
+	/**
+	 * Starts/executes a given process instance.
+	 * @param pi The process instance.
+	 * @throws ProcessExecutionException Thrown in case of error.
+	 */
+	private void execute(final ProcessInstance pi) throws ProcessExecutionException {
+		if (ProcessInstanceState.ENDED.equals(pi.getState())) {
+			throw new ProcessExecutionException("Process for instance '" + pi.getId() + "' has already been ended.");
+		}
+		ProcessDefinition pd = pi.getProcessDefinition();
+		ProcessNode processNode = pd.getProcessNode(pi.getNextId());
+		log.debug("Processing node '{}'.", processNode.getId());
+		
+		// distinguish process node types StartEvent, TaskInfo and EndEvent
+		
+		if (processNode instanceof TaskInfo) {
+			// TaskInfo types need to be executed
+			TaskInfo ti = (TaskInfo) processNode;
+			MDC.put(MDC_CTX_TASK_NAME, ti.getId());
+			try {
+				log.info("Processing task '{}'.", ti.getId());
+				Task task = createTaskInstance(ti);
+				if (task != null) {
+					try {
+						log.info("Executing task implementation for task '{}'.", ti.getId());
+						log.debug("Execution context before task execution: {}", pi.getExecutionContext().keySet());
+						task.execute(pi.getExecutionContext());
+						log.info("Returned from execution of task '{}'.", ti.getId());
+						log.debug("Execution context after task execution: {}", pi.getExecutionContext().keySet());
+					} catch (Throwable t) {
+						throw new ProcessExecutionException("Error executing task '" + ti.getId() + "'.", t);
+					}
+				} else {
+					log.debug("No task implementing class set.");
+				}
+			} finally {
+				MDC.remove(MDC_CTX_TASK_NAME);
+			}
+			
+		} else if (processNode instanceof EndEvent) {
+			log.info("Finishing process instance '{}'.", pi.getId());
+			processInstances.remove(pi.getId());
+			pi.setState(ProcessInstanceState.ENDED);
+			log.debug("Final process context: {}", pi.getExecutionContext().keySet());
+			return;
+		}
+		
+		final ExpressionEvaluationContext expressionContext = new ExpressionEvaluationContextImpl(pi);
+		
+		// traverse pointer
+		Transition t = CollectionUtils.find(processNode.getOutgoingTransitions(), new Predicate<Transition>() {
+			@Override
+			public boolean evaluate(Transition transition) {
+				if (transitionConditionExpressionEvaluator != null && transition.getConditionExpression() != null) {
+					log.trace("Evaluating transition expression '{}'.", transition.getConditionExpression());
+					return transitionConditionExpressionEvaluator.evaluate(expressionContext, transition.getConditionExpression());
+				}
+				return true;
+			}
+		});
+		if (t == null) {
+			throw new ProcessExecutionException("No valid transition starting from process node '" + processNode.getId()+ "'.");
+		}
+		log.trace("Found suitable transition: {}", t);
+		// update pointer
+		log.trace("Shifting process token from '{}' to '{}'.", pi.getNextId(), t.getTo().getId());
+		pi.setNextId(t.getTo().getId());
+		
+		// inspect current task
+		if (t.getTo() instanceof TaskInfo && (((TaskInfo) t.getTo()).isAsync())) {
+			// immediately return in case of asynchonous task
+			log.info("Suspending process instance '{}' for asynchronous task '{}'.", pi.getId(), t.getTo().getId());
+			pi.setState(ProcessInstanceState.SUSPENDED);
+			return;
+		}
+		
+		// continue execution in case of StartEvent or Task
+		if (processNode instanceof StartEvent || processNode instanceof TaskInfo) {
+			execute(pi);
+		}
+	}
+
+	@Override
+	public ProcessInstance getProcessInstance(String processInstanceId) {
+		ProcessInstance processInstance = processInstances.get(processInstanceId);
+		if (processInstance == null) {
+			throw new IllegalArgumentException("The process instance '" + processInstanceId + "' does not/no longer exist.");
+		}
+		return processInstance;
+	}
+
+	@Override
+	public ProcessInstance findProcessInstanceWith(String key, Serializable value) {
+		Iterator<ProcessInstance> it = processInstances.values().iterator();
+		while (it.hasNext()) {
+			ProcessInstance pi = it.next();
+			if (Objects.equals(pi.getExecutionContext().get(key), value)) {
+				return pi;
+			}
+		}
+		return null;
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
new file mode 100644
index 000000000..821bbe6dc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessExecutionException.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.process;
+
+/**
+ * Indicates a problem when executing a process.
+ * 
+ * @author tknall
+ * 
+ */
+public class ProcessExecutionException extends Exception {
+
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * Creates a new process execution exception providing a {@code message} describing the reason and the respective
+	 * {@code cause}.
+	 * 
+	 * @param message
+	 *            The message.
+	 * @param cause
+	 *            The cause.
+	 */
+	public ProcessExecutionException(String message, Throwable cause) {
+		super(message, cause);
+	}
+
+	/**
+	 * Creates a new process execution exception providing a {@code message} describing the reason.
+	 * 
+	 * @param message
+	 *            The message.
+	 */
+	public ProcessExecutionException(String message) {
+		super(message);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
new file mode 100644
index 000000000..0899426ca
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstance.java
@@ -0,0 +1,166 @@
+package at.gv.egovernment.moa.id.process;
+
+import java.io.Serializable;
+import java.util.Date;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.time.DurationFormatUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.model.ProcessDefinition;
+import com.datentechnik.process_engine.support.SecureRandomHolder;
+
+/**
+ * Represents a process being executed. The process instance provides information about the process and its state.
+ * 
+ * @author tknall
+ * 
+ */
+public class ProcessInstance implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+	private static final int RND_ID_LENGTH = 22;
+
+	private ProcessDefinition processDefinition;
+	private String nextId;
+	private Date lru;
+	private ExecutionContext executionContext;
+	private ProcessInstanceState state = ProcessInstanceState.NOT_STARTED;
+
+	/**
+	 * Creates a new process instance, based on a given process definition.<p/>
+	 * An execution context will be created internally.
+	 * 
+	 * @param processDefinition
+	 *            The process definition.
+	 */
+	ProcessInstance(ProcessDefinition processDefinition) {
+		this(processDefinition, null);
+	}
+
+	/**
+	 * Creates a new process instance, based on a given process definition and a
+	 * given execution context. If the given execution context is {@code null} a new execution context will be created.<p/>
+	 * The process instance id of the execution context will automatically be set (and overwritten if already set).
+	 * 
+	 * @param processDefinition
+	 *            The process definition.
+	 * @param executionContext
+	 *            The execution context (may be {@code null}). If {@code null} a new execution context will be created internally.
+	 */
+	ProcessInstance(ProcessDefinition processDefinition, ExecutionContext executionContext) {
+		this.processDefinition = processDefinition;
+		nextId = processDefinition.getStartEvent().getId();
+		String pdIdLocalPart = RandomStringUtils.random(RND_ID_LENGTH, 0, 0, true, true, null,
+				SecureRandomHolder.getInstance());
+		if (executionContext == null) {
+			executionContext = new ExecutionContextImpl();
+		}
+		executionContext.setProcessInstanceId(this.processDefinition.getId() + "-" + pdIdLocalPart);
+		this.executionContext = executionContext;
+		touch();
+	}
+
+	/**
+	 * Returns the underlying process definition.
+	 * 
+	 * @return The underlying process definition.
+	 */
+	ProcessDefinition getProcessDefinition() {
+		touch();
+		return processDefinition;
+	}
+
+	/**
+	 * Returns the id of the process node to be executed next.
+	 * 
+	 * @return The process node pointer indicating the process node to be executed next.
+	 */
+	public String getNextId() {
+		touch();
+		return nextId;
+	}
+
+	/**
+	 * Sets the internal pointer to the process node to be executed next.
+	 * 
+	 * @param nextId
+	 *            The process node id to be executed next.
+	 */
+	void setNextId(String nextId) {
+		touch();
+		this.nextId = nextId;
+	}
+
+	/**
+	 * Returns the current state of the process instance.
+	 * 
+	 * @return The current state.
+	 */
+	public ProcessInstanceState getState() {
+		touch();
+		return state;
+	}
+
+	/**
+	 * Sets the current state of the process instance.
+	 * 
+	 * @param state
+	 *            The current state.
+	 */
+	void setState(ProcessInstanceState state) {
+		touch();
+		this.state = state;
+	}
+
+	public String getId() {
+		touch();
+		return executionContext.getProcessInstanceId();
+	}
+
+	/**
+	 * Updates the last recently used date of the process instance.
+	 */
+	private void touch() {
+		lru = new Date();
+	}
+
+	/**
+	 * Returns the date the process instance has been accessed last.
+	 * 
+	 * @return The last recently used date.
+	 */
+	Date getLru() {
+		return lru;
+	}
+
+	/**
+	 * Returns the associated execution context.
+	 * @return The execution context (never {@code null}).
+	 */
+	public ExecutionContext getExecutionContext() {
+		touch();
+		return executionContext;
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		builder.append("ProcessInstance [");
+		builder.append("id=").append(executionContext.getProcessInstanceId());
+		builder.append(", idle since=").append(
+				DurationFormatUtils.formatDurationWords(new Date().getTime() - this.lru.getTime(), true, true));
+		if (processDefinition != null) {
+			builder.append(", processDefinition.id=");
+			builder.append(processDefinition.getId());
+		}
+		if (nextId != null) {
+			builder.append(", nextId=");
+			builder.append(nextId);
+		}
+		builder.append(", executionContext=").append(executionContext);
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
new file mode 100644
index 000000000..2765283a0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessInstanceState.java
@@ -0,0 +1,30 @@
+package at.gv.egovernment.moa.id.process;
+
+/**
+ * Represents a certain process instance state.
+ * @author tknall
+ *
+ */
+public enum ProcessInstanceState {
+	
+	/**
+	 * Indicates that the process with this process instance has not yet been started.
+	 */
+	NOT_STARTED,
+	
+	/**
+	 * Indicates that the process is currently running.
+	 */
+	STARTED,
+	
+	/**
+	 * Indicates that the process has been suspended until being waken up by someonce calling {@code signal}.
+	 */
+	SUSPENDED,
+	
+	/**
+	 * Indicates that the process has been completed.
+	 */
+	ENDED
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
new file mode 100644
index 000000000..4a9dfc336
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExecutionContext.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.process.api;
+
+import java.io.Serializable;
+import java.util.Set;
+
+/**
+ * Encapsulates data needed for or provided by task execution.
+ * 
+ * @author tknall
+ * 
+ */
+public interface ExecutionContext extends Serializable {
+
+	/**
+	 * Returns the identifier of underlying process instance.
+	 * 
+	 * @return The identifier of the process instance.
+	 */
+	String getProcessInstanceId();
+
+	/**
+	 * Sets the identifier of underlying process instance.
+	 * 
+	 * @param processInstanceId
+	 *            The identifier of the process instance.
+	 */
+	void setProcessInstanceId(String processInstanceId);
+
+	/**
+	 * Stores a serializable object using {@code key}.
+	 * 
+	 * @param key
+	 *            The key under that the {@code object} should be stored.
+	 * @param object The object to be stored.
+	 */
+	void put(String key, Serializable object);
+
+	/**
+	 * Returns an serializable object stored within this process context using {@code key}.
+	 * 
+	 * @param key
+	 *            The key that has been used to store the serializable object (may be {@code null}).
+	 * @return The object or {@code null} in case the key does not relate to a stored object or the stored object itself
+	 *         was {@code null}.
+	 */
+	Serializable get(String key);
+	
+	/**
+	 * Removes the object stored using {@code key}.
+	 * @param key
+	 *            The key that has been used to store the serializable object (may be {@code null}).
+	 * @return The object that has been removed or {@code null} there was no object stored using {@code key}.
+	 */
+	Serializable remove(String key);
+
+	/**
+	 * Returns an unmodifiable set containing the stored keys.
+	 * 
+	 * @return The keyset (never {@code null}).
+	 */
+	Set<String> keySet();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
new file mode 100644
index 000000000..bb3b267cf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluationContext.java
@@ -0,0 +1,23 @@
+package at.gv.egovernment.moa.id.process.api;
+
+import java.io.Serializable;
+import java.util.Map;
+
+import com.datentechnik.process_engine.model.Transition;
+
+/**
+ * Context used for evaluation of condition expressions set for {@linkplain Transition Transitions}.
+ * 
+ * @author tknall
+ * 
+ */
+public interface ExpressionEvaluationContext extends Serializable {
+
+	/**
+	 * Returns the context data map used for expression evaluation.
+	 * 
+	 * @return An unmodifiable map (never {@code null}).
+	 */
+	Map<String, Serializable> getCtx();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
new file mode 100644
index 000000000..fe0743201
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/ExpressionEvaluator.java
@@ -0,0 +1,25 @@
+package at.gv.egovernment.moa.id.process.api;
+
+/**
+ * Evaluates a given {@code expression} returning a boolean value.
+ * 
+ * @author tknall
+ */
+public interface ExpressionEvaluator {
+
+	/**
+	 * Evaluates a given {@code expression} returning a boolean value.
+	 * 
+	 * @param expressionContext
+	 *            The context which can be used for evaluation of the expression.
+	 * @param expression
+	 *            The expression resulting in a boolean (must not be {@code null}).
+	 * @return A boolean value.
+	 * @throws IllegalArgumentException
+	 *             In case of an invalid {@code expression}.
+	 * @throws NullPointerException
+	 *             In case of a {@code null} expression.
+	 */
+	boolean evaluate(ExpressionEvaluationContext expressionContext, String expression);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
new file mode 100644
index 000000000..6401b1d5d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.process.api;
+
+
+/**
+ * Represents a single task to be performed upon process execution.
+ * 
+ * @author tknall
+ * 
+ */
+public interface Task {
+
+	/**
+	 * Executes this task.
+	 * 
+	 * @param executionContext
+	 *            Provides execution related information.
+	 * @throws Exception An exception upon task execution.
+	 */
+	void execute(ExecutionContext executionContext) throws Exception;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
new file mode 100644
index 000000000..49fb082ea
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/EndEvent.java
@@ -0,0 +1,42 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.io.Serializable;
+
+import org.apache.commons.collections4.CollectionUtils;
+
+/**
+ * Represents an end event. Process execution terminates when an end event is reached.
+ * 
+ * @author tknall
+ */
+public class EndEvent extends ProcessNode implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		builder.append("EndEvent [");
+		if (getId() != null) {
+			builder.append("id=");
+			builder.append(getId());
+		}
+		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("incomingTransitions=");
+			builder.append(getIncomingTransitions());
+		}
+		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("outgoingTransitions=");
+			builder.append(getOutgoingTransitions());
+		}
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
new file mode 100644
index 000000000..19e78b0e6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessDefinition.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Objects;
+
+import com.datentechnik.process_engine.ProcessDefinitionParser;
+
+/**
+ * Represents a single process definition containing
+ * <ul>
+ * <li>a {@link StartEvent},</li>
+ * <li>one or more {@linkplain TaskInfo Tasks},</li>
+ * <li>one or more {@linkplain EndEvent EndEvents} and</li>
+ * <li>some {@linkplain Transition Transitions} linking StartEvents, Tasks and EndEvents.
+ * </ul>
+ * 
+ * @author tknall
+ * 
+ */
+public class ProcessDefinition {
+
+	private String id;
+	private StartEvent startEvent;
+	private Map<String, TaskInfo> taskInfos = new LinkedHashMap<>();
+	private Map<String, EndEvent> endEvents = new LinkedHashMap<>();
+
+	/**
+	 * Returns the unique identifier of the process definition.
+	 * 
+	 * @return The unique identifier (never {@code null} if process definition comes from
+	 *         {@link ProcessDefinitionParser}).
+	 */
+	public String getId() {
+		return id;
+	}
+
+	/**
+	 * Sets the unique identifier of the process definition.
+	 * 
+	 * @param id
+	 *            The unique identifier.
+	 */
+	public void setId(String id) {
+		this.id = id;
+	}
+
+	/**
+	 * Returns the start event of the process definition.
+	 * 
+	 * @return The start event (never {@code null} if process definition comes from {@link ProcessDefinitionParser}).
+	 */
+	public StartEvent getStartEvent() {
+		return startEvent;
+	}
+
+	/**
+	 * Sets the start event of the process definition.
+	 * 
+	 * @param startEvent
+	 *            The start event.
+	 */
+	public void setStartEvent(StartEvent startEvent) {
+		this.startEvent = startEvent;
+	}
+
+	/**
+	 * Returns a map containing the tasks of the process definition.
+	 * 
+	 * @return The tasks (map is never {@code null} if process definition comes from {@link ProcessDefinitionParser}).
+	 */
+	public Map<String, TaskInfo> getTaskInfos() {
+		return taskInfos;
+	}
+
+	/**
+	 * Sets the map containing the tasks.
+	 * 
+	 * @param taskInfos
+	 *            The map containing the tasks.
+	 */
+	public void setTaskInfos(Map<String, TaskInfo> taskInfos) {
+		this.taskInfos = taskInfos;
+	}
+
+	/**
+	 * Returns a map containing the end events of the process description.
+	 * 
+	 * @return The map containing the end events (map is never {@code null} if process definition comes from
+	 *         {@link ProcessDefinitionParser}).
+	 */
+	public Map<String, EndEvent> getEndEvents() {
+		return endEvents;
+	}
+
+	/**
+	 * Sets a map containing the end events of the process description.
+	 * 
+	 * @param endEvents
+	 *            The map containing the end events.
+	 */
+	public void setEndEvents(Map<String, EndEvent> endEvents) {
+		this.endEvents = endEvents;
+	}
+
+	/**
+	 * Returns the process node associated with the given {@code id}.
+	 * 
+	 * @param id
+	 *            The identifier of the process node.
+	 * @return The process node (may be {code null} when no process node with the given {@code id} exists).
+	 */
+	public ProcessNode getProcessNode(String id) {
+		Objects.requireNonNull(id, "Identifier must not be null.");
+		if (startEvent != null && id.equals(startEvent.getId())) {
+			return startEvent;
+		}
+		TaskInfo task = taskInfos.get(id);
+		if (task != null) {
+			return task;
+		}
+		return endEvents.get(id);
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		if (id != null) {
+			builder.append("id=");
+			builder.append(id);
+		}
+		if (startEvent != null) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("startEvent=");
+			builder.append(startEvent);
+		}
+		if (taskInfos != null && !taskInfos.isEmpty()) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("tasksInfos=");
+			builder.append(taskInfos.values());
+		}
+		if (endEvents != null && !endEvents.isEmpty()) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("endEvents=");
+			builder.append(endEvents.values());
+		}
+		builder.insert(0, "ProcessDefinition [");
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
new file mode 100644
index 000000000..a94d33943
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/ProcessNode.java
@@ -0,0 +1,69 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.datentechnik.process_engine.ProcessDefinitionParser;
+
+/**
+ * Represents a {@link StartEvent}, an {@link EndEvent} or a {@linkplain TaskInfo Task}.
+ * @author tknall
+ *
+ */
+public abstract class ProcessNode {
+
+	private String id;
+	private List<Transition> outgoingTransitions = new ArrayList<>();
+	private List<Transition> incomingTransitions = new ArrayList<>();
+
+	/**
+	 * Returns the unique identifier of the process node.
+	 * 
+	 * @return The unique identifier (never {@code null} if process node comes from a process definition from
+	 *         {@link ProcessDefinitionParser}).
+	 */
+	public String getId() {
+		return id;
+	}
+
+	/**
+	 * Sets the unique identifier of the process node.
+	 * @param id The unique identifier.
+	 */
+	public void setId(String id) {
+		this.id = id;
+	}
+
+	/**
+	 * Returns a list of transitions pointing from this process node to another one.
+	 * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}).
+	 */
+	public List<Transition> getOutgoingTransitions() {
+		return outgoingTransitions;
+	}
+
+	/**
+	 * Sets the list of transitions pointing from this process node to another one.
+	 * @param outgoingTransitions The list of transitions originating from this process node.
+	 */
+	public void setOutgoingTransitions(List<Transition> outgoingTransitions) {
+		this.outgoingTransitions = outgoingTransitions;
+	}
+
+	/**
+	 * Returns a list of transitions pointing from another process node to this one.
+	 * @return A list of transitions (never {@code null} if process node comes from a process definition from {@link ProcessDefinitionParser}).
+	 */
+	public List<Transition> getIncomingTransitions() {
+		return incomingTransitions;
+	}
+
+	/**
+	 * Sets the list of transitions pointing from another process node to this one.
+	 * @param incomingTransitions A list of transitions pointing to this process node.
+	 */
+	public void setIncomingTransitions(List<Transition> incomingTransitions) {
+		this.incomingTransitions = incomingTransitions;
+	}
+	
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
new file mode 100644
index 000000000..60175e09c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/StartEvent.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.io.Serializable;
+
+import org.apache.commons.collections4.CollectionUtils;
+
+/**
+ * Represents a start event. Each process description contains a single start event. Process execution starts with a
+ * start event.
+ * 
+ * @author tknall
+ * 
+ */
+public class StartEvent extends ProcessNode implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		builder.append("StartEvent [");
+		if (getId() != null) {
+			builder.append("id=");
+			builder.append(getId());
+		}
+		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("incomingTransitions=");
+			builder.append(getIncomingTransitions());
+		}
+		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("outgoingTransitions=");
+
+			builder.append(getOutgoingTransitions());
+		}
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
new file mode 100644
index 000000000..b7f13a880
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/TaskInfo.java
@@ -0,0 +1,94 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.io.Serializable;
+
+import org.apache.commons.collections4.CollectionUtils;
+
+import com.datentechnik.process_engine.api.Task;
+
+/**
+ * Represents information about a single task to be performed upon process execution.
+ * @author tknall
+ *
+ */
+public class TaskInfo extends ProcessNode implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+	private static final boolean DEFAULT_ASYNC = false;
+	
+	private String taskImplementingClass;
+	private boolean async = DEFAULT_ASYNC;
+	
+	/**
+	 * Determines if the task is marked asynchronous ({@code true}) or synchronous ({@code false}).
+	 * @return A flag indicating if the task should be executed asynchronously or synchronously. (Default: {@code false})
+	 */
+	public boolean isAsync() {
+		return async;
+	}
+
+	/**
+	 * Marks a task to executed asynchronously ({@code true}) or synchronously ({@code false}).
+	 * @param async The flag.
+	 */
+	public void setAsync(boolean async) {
+		this.async = async;
+	}
+
+	/**
+	 * Returns the class that implements the actual task (must implement {@link Task}).
+	 * @return The task implementing class.
+	 */
+	public String getTaskImplementingClass() {
+		return taskImplementingClass;
+	}
+
+	/**
+	 * Sets the class that implements the actual task (must implement {@link Task}).
+	 * @param taskImplementingClass The task implementing class.
+	 */
+	public void setTaskImplementingClass(String taskImplementingClass) {
+		this.taskImplementingClass = taskImplementingClass;
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		if (getId() != null) {
+			builder.append("id=");
+			builder.append(getId());
+		}
+		if (async != DEFAULT_ASYNC) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("async=");
+			builder.append(async);
+		}
+		if (taskImplementingClass != null) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("taskImplementingClass=");
+			builder.append(taskImplementingClass);
+		}
+		if (CollectionUtils.isNotEmpty(getIncomingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("incomingTransitions=");
+			builder.append(getIncomingTransitions());
+		}
+		if (CollectionUtils.isNotEmpty(getOutgoingTransitions())) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("outgoingTransitions=");
+			builder.append(getOutgoingTransitions());
+		}
+		builder.insert(0, "TaskInfo [");
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
new file mode 100644
index 000000000..9d9c44c8c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/model/Transition.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.process.model;
+
+import java.io.Serializable;
+
+import com.datentechnik.process_engine.ProcessDefinitionParser;
+
+/**
+ * Represents a single transition from a {@link StartEvent} or {@linkplain TaskInfo Task} to another
+ * {@linkplain TaskInfo Task} or {@link EndEvent}.
+ * 
+ * @author tknall
+ * 
+ */
+public class Transition implements Serializable {
+
+	private static final long serialVersionUID = 1L;
+
+	private String id;
+	private String conditionExpression;
+	private ProcessNode from;
+	private ProcessNode to;
+
+	/**
+	 * Returns the process node (effectively a {@link StartEvent} or {@linkplain TaskInfo Task}) the transition is
+	 * pointing from.
+	 * 
+	 * @return The transition's source process node (never {@code null} if transition comes from a process definition
+	 *         from {@link ProcessDefinitionParser}).
+	 */
+	public ProcessNode getFrom() {
+		return from;
+	}
+
+	/**
+	 * Sets the process node the transition is pointing from.
+	 * 
+	 * @param from
+	 *            The transition's source process node.
+	 */
+	public void setFrom(ProcessNode from) {
+		this.from = from;
+	}
+
+	/**
+	 * Returns the process node (effectively a {@linkplain TaskInfo Task} or {@link EndEvent}) the transition is
+	 * pointing to.
+	 * 
+	 * @return The transition's destination process node (never {@code null} if transition comes from a process
+	 *         definition from {@link ProcessDefinitionParser}).
+	 */
+	public ProcessNode getTo() {
+		return to;
+	}
+
+	/**
+	 * Sets the process node the transition is pointing to.
+	 * 
+	 * @param to
+	 *            The transition's destination process node.
+	 */
+	public void setTo(ProcessNode to) {
+		this.to = to;
+	}
+
+	/**
+	 * Returns the unique identifier of the transition.
+	 * 
+	 * @return The unique identifier (may be {@code null}).
+	 */
+	public String getId() {
+		return id;
+	}
+
+	/**
+	 * Sets the unique identifier of the transition.
+	 * 
+	 * @param id
+	 *            The unique identifier.
+	 */
+	public void setId(String id) {
+		this.id = id;
+	}
+
+	/**
+	 * Returns the condition expression for this transition.
+	 * 
+	 * @return The condition expression (may be {@code null}).
+	 */
+	public String getConditionExpression() {
+		return conditionExpression;
+	}
+
+	/**
+	 * Sets the condition expression for this transition.
+	 * 
+	 * @param conditionExpression
+	 *            The condition expression.
+	 */
+	public void setConditionExpression(String conditionExpression) {
+		this.conditionExpression = conditionExpression;
+	}
+
+	@Override
+	public String toString() {
+		StringBuilder builder = new StringBuilder();
+		if (id != null) {
+			builder.append("id=");
+			builder.append(id);
+		}
+		if (from != null) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("from.id=");
+			builder.append(from.getId());
+		}
+		if (to != null) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("to.id=");
+			builder.append(to.getId());
+		}
+		if (conditionExpression != null) {
+			if (builder.length() > 0) {
+				builder.append(", ");
+			}
+			builder.append("conditionExpression=");
+			builder.append(conditionExpression);
+		}
+		builder.insert(0, "Transition [");
+		builder.append("]");
+		return builder.toString();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
new file mode 100644
index 000000000..1c91cf780
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/spring/SpringExpressionEvaluator.java
@@ -0,0 +1,61 @@
+package at.gv.egovernment.moa.id.process.spring;
+
+import java.util.Objects;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.BooleanUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+
+import com.datentechnik.process_engine.api.ExpressionEvaluationContext;
+import com.datentechnik.process_engine.api.ExpressionEvaluator;
+import com.datentechnik.process_engine.model.Transition;
+
+/**
+ * Expression evaluator for processing {@link Transition} conditions allowing to reference Spring beans from the
+ * application context.
+ * 
+ * @author tknall
+ * 
+ */
+public class SpringExpressionEvaluator implements ExpressionEvaluator {
+
+	private Logger log = LoggerFactory.getLogger(getClass());
+	private ExpressionParser parser = new SpelExpressionParser();
+	private StandardEvaluationContext evaluationContext = new StandardEvaluationContext();
+
+	@Autowired(required = false)
+	private ApplicationContext ctx;
+
+	@PostConstruct
+	private void init() {
+		if (ctx != null) {
+			evaluationContext.setBeanResolver(new BeanFactoryResolver(ctx));
+		}
+	}
+
+	@Override
+	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
+		Objects.requireNonNull(expression, "Expression must not be null.");
+		log.trace("Evaluating '{}'.", expression);
+
+		Expression expr = parser.parseExpression(expression);
+		Boolean result = expr.getValue(evaluationContext, expressionContext, Boolean.class);
+		if (result == null) {
+			log.warn("Evaluation of '{}' results in null-value.", expression);
+		} else {
+			log.debug("Expression '{}' -> {}", expression, result);
+		}
+
+		return BooleanUtils.isTrue(result);
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
new file mode 100644
index 000000000..4b5af854e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractAuthSourceServlet.java
@@ -0,0 +1,116 @@
+package at.gv.egovernment.moa.id.process.springweb;
+
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
+import org.springframework.web.context.WebApplicationContext;
+import org.springframework.web.context.support.WebApplicationContextUtils;
+
+import com.datentechnik.process_engine.ProcessEngine;
+import com.datentechnik.process_engine.ProcessInstance;
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Abstract HttpServlet that provides means for retrieving the process engine (Spring Web required) as well as
+ * retrieving the underlying process instance and execution context evaluating a certain request parameter.
+ * 
+ * @author tknall
+ * 
+ */
+public abstract class AbstractAuthSourceServlet extends HttpServlet {
+
+	private static final long serialVersionUID = 1L;
+
+	private ProcessEngine processEngine;
+	
+	/**
+	 * Returns the name of the request parameter representing the respective instance id.
+	 * <p/>Default is {@code processInstanceId}.
+	 * @return The request parameter name.
+	 */
+	public String getProcessInstanceIdParameterName() {
+		return "processInstanceId";
+	}
+
+	/**
+	 * Returns the underlying process engine instance.
+	 * 
+	 * @return The process engine (never {@code null}).
+	 * @throws NoSuchBeanDefinitionException
+	 *             if no {@link ProcessEngine} bean was found.
+	 * @throws NoUniqueBeanDefinitionException
+	 *             if more than one {@link ProcessEngine} bean was found.
+	 * @throws BeansException
+	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+	 * @throws IllegalStateException
+	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+	 *             Spring web environment.
+	 */
+	public synchronized ProcessEngine getProcessEngine() {
+		if (processEngine == null) {
+			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
+			if (ctx == null) {
+				throw new IllegalStateException(
+						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
+			}
+			processEngine = ctx.getBean(ProcessEngine.class);
+		}
+		return processEngine;
+	}
+
+	/**
+	 * Retrieves the process instance referenced by the request parameter {@link #getProcessInstanceIdParameterName()}.
+	 * 
+	 * @param request
+	 *            The HttpServletRequest.
+	 * @return The process instance (never {@code null}).
+	 * @throws NoSuchBeanDefinitionException
+	 *             if no {@link ProcessEngine} bean was found.
+	 * @throws NoUniqueBeanDefinitionException
+	 *             if more than one {@link ProcessEngine} bean was found.
+	 * @throws BeansException
+	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+	 * @throws IllegalStateException
+	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+	 *             Spring web environment.
+	 * @throws IllegalArgumentException
+	 *             in case the process instance id referenced by the request parameter
+	 *             {@link #getProcessInstanceIdParameterName()} does not exist.
+	 */
+	public ProcessInstance getProcessInstance(HttpServletRequest request) {
+		String processInstanceId = StringUtils.trimToNull(request.getParameter(getProcessInstanceIdParameterName()));
+		if (processInstanceId == null) {
+			throw new IllegalArgumentException("Missing request parameter '" + getProcessInstanceIdParameterName() + "'.");
+		}
+		return getProcessEngine().getProcessInstance(processInstanceId);
+	}
+
+	/**
+	 * Retrieves the execution context for the respective process instance referenced by the request parameter
+	 * {@link #getProcessInstanceIdParameterName()}.
+	 * 
+	 * @param request
+	 *            The HttpServletRequest.
+	 * @return The execution context (never {@code null}).
+	 * @throws NoSuchBeanDefinitionException
+	 *             if no {@link ProcessEngine} bean was found.
+	 * @throws NoUniqueBeanDefinitionException
+	 *             if more than one {@link ProcessEngine} bean was found.
+	 * @throws BeansException
+	 *             if a problem getting the {@link ProcessEngine} bean occurred.
+	 * @throws IllegalStateException
+	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
+	 *             Spring web environment.
+	 * @throws IllegalArgumentException
+	 *             in case the process instance id referenced by the request parameter
+	 *             {@link #getProcessInstanceIdParameterName()} does not exist.
+	 */
+	public ExecutionContext getExecutionContext(HttpServletRequest request) {
+		return getProcessInstance(request).getExecutionContext();
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
new file mode 100644
index 000000000..1f7fb7690
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.process.springweb;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.filter.RequestContextFilter;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import com.datentechnik.process_engine.api.Task;
+
+/**
+ * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}.
+ * <p/>
+ * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set
+ * within {@code web.xml}.
+ * 
+ * <pre>
+ * ...
+ * &lt;filter&gt;
+ *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
+ *   &lt;filter-class&gt;org.springframework.web.filter.RequestContextFilter&lt;/filter-class&gt;
+ * &lt;/filter&gt;
+ * &lt;filter-mapping&gt;
+ *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
+ *   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+ * &lt;/filter-mapping&gt;
+ * ...
+ * </pre>
+ * 
+ * @author tknall
+ * 
+ */
+public abstract class AbstractSpringWebSupportedTask implements Task {
+
+	/**
+	 * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the
+	 * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
+	 * 
+	 * @param executionContext
+	 *            The execution context (never {@code null}).
+	 * @param request
+	 *            The HttpServletRequest (never {@code null}).
+	 * @param response
+	 *            The HttpServletResponse (never {@code null}).
+	 * @throws IllegalStateException
+	 *             Thrown in case the task is nur being run within the required environment. Refer to javadoc for
+	 *             further information.
+	 * @throws Exception
+	 *             Thrown in case of error executing the task.
+	 */
+	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) throws Exception;
+
+	@Override
+	public void execute(ExecutionContext executionContext) throws Exception {
+		RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+		if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
+			HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+			HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse();
+			if (request == null || response == null) {
+				throw new IllegalStateException(
+						"Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml.");
+			}
+			execute(executionContext, request, response);
+		} else {
+			throw new IllegalStateException("Task needs to be executed within a Spring web environment.");
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
new file mode 100644
index 000000000..72677739a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/support/SecureRandomHolder.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.process.support;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+/**
+ * Holder for a secure random instance following the initialization on demand holder design pattern. The secure random
+ * instance is a singleton that is initialized on first usage.
+ * 
+ * @author tknall
+ * 
+ */
+public class SecureRandomHolder {
+
+	private SecureRandomHolder() {
+	}
+
+	private static final SecureRandom SRND_INSTANCE;
+	static {
+		try {
+			SRND_INSTANCE = SecureRandom.getInstance("SHA1PRNG");
+		} catch (NoSuchAlgorithmException e) {
+			throw new RuntimeException("Unable to instantiate SHA1PRNG.", e);
+		}
+	}
+
+	/**
+	 * Returns a secure random generator instance.
+	 * @return The secure random instance.
+	 */
+	public static SecureRandom getInstance() {
+		return SecureRandomHolder.SRND_INSTANCE;
+	}
+
+}
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
new file mode 100644
index 000000000..22f39a923
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModuleImpl
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
deleted file mode 100644
index 0d7e98006..000000000
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
+++ /dev/null
@@ -1,2 +0,0 @@
-# The default moaid process
-at.gv.egovernment.moa.id.moduls.modulregistration.AuthModuleImpl
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
new file mode 100644
index 000000000..42db4f807
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+	targetNamespace="http://www.datentechnik.com/process-engine/processdefinition/v1"
+	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
+	elementFormDefault="qualified" version="1.0">
+
+	<xsd:element name="ProcessDefinition">
+		<xsd:complexType>
+			<xsd:sequence>
+				<xsd:choice minOccurs="0" maxOccurs="unbounded">
+					<xsd:element name="StartEvent" type="tns:StartEventType" />
+					<xsd:element name="Task" type="tns:TaskType" />
+					<xsd:element name="Transition" type="tns:TransitionType" />
+					<xsd:element name="EndEvent" type="tns:EndEventType" />
+				</xsd:choice>
+			</xsd:sequence>
+			<xsd:attribute name="id" type="xsd:ID" use="required" />
+		</xsd:complexType>
+	</xsd:element>
+
+	<xsd:complexType name="ProcessNodeType" abstract="true">
+		<xsd:attribute name="id" type="xsd:ID" use="required" />
+	</xsd:complexType>
+
+	<xsd:complexType name="StartEventType">
+		<xsd:complexContent>
+			<xsd:extension base="tns:ProcessNodeType" />
+		</xsd:complexContent>
+	</xsd:complexType>
+
+	<xsd:complexType name="TransitionType">
+		<xsd:attribute name="from" type="xsd:IDREF" use="required" />
+		<xsd:attribute name="to" type="xsd:IDREF" use="required" />
+		<xsd:attribute name="id" type="xsd:ID" />
+		<xsd:attribute name="conditionExpression" type="xsd:string" />
+	</xsd:complexType>
+
+	<xsd:complexType name="EndEventType">
+		<xsd:complexContent>
+			<xsd:extension base="tns:ProcessNodeType" />
+		</xsd:complexContent>
+	</xsd:complexType>
+
+	<xsd:complexType name="TaskType">
+		<xsd:complexContent>
+			<xsd:extension base="tns:ProcessNodeType">
+				<xsd:attribute name="async" type="xsd:boolean" default="false"/>
+				<xsd:attribute name="class" type="xsd:string" />
+			</xsd:extension>
+		</xsd:complexContent>
+	</xsd:complexType>
+
+</xsd:schema>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
new file mode 100644
index 000000000..6525fb0cd
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1"
+	id="SampleProcessDefinitionForSAML1Authentication">
+
+	<!--
+		returns String 'bkuURL'
+	-->
+	<pd:Task id="bkuSelectionTask" class="com.datentechnik.process_engine.spring.test.task.SelectBKUTask" />
+
+	<!--
+		requires 'bkuURL'
+		returns String 'IdentityLink'
+	-->
+	<pd:Task id="getIdentityLinkTask" class="com.datentechnik.process_engine.spring.test.task.GetIdentityLinkTask" />
+
+	<!--
+		requires 'IdentityLink'
+		returns Boolean 'isIdentityLinkValidated'
+	-->
+	<pd:Task id="validateIdentityLinkTask" class="com.datentechnik.process_engine.spring.test.task.ValidateIdentityLinkTask" />
+
+	<!--
+		requires 'IdentityLink', 'isIdentityLinkValidated', 'bkuURL'
+		returns String 'SignedAuthBlock'
+	-->
+	<pd:Task id="signAuthBlockTask" class="com.datentechnik.process_engine.spring.test.task.SignAuthBlockTask" />
+
+	<!--
+		requires 'IdentityLink', 'isIdentityLinkValidated', 'SignedAuthBlock'
+		returns Boolean 'isSignedAuthBlockValidated'
+	-->
+	<pd:Task id="validateSignedAuthBlockTask" class="com.datentechnik.process_engine.spring.test.task.ValidateSignedAuthBlockTask" />
+	
+	<!--
+		requires 'IdentityLink', 'isIdentityLinkValidated', 'SignedAuthBlock', 'isSignedAuthBlockValidated';
+		returns 'SAML1Assertion'
+	-->
+	<pd:Task id="createAssertionTask" class="com.datentechnik.process_engine.spring.test.task.CreateSAML1AssertionTask" />
+
+	<pd:StartEvent id="start" />
+	<pd:EndEvent id="end" />
+
+	<pd:Transition from="start" to="bkuSelectionTask"    conditionExpression="ctx['bkuURL'] == null" />
+	<pd:Transition from="start" to="getIdentityLinkTask"  />
+	
+	<pd:Transition from="bkuSelectionTask"            to="getIdentityLinkTask" />
+	<pd:Transition from="getIdentityLinkTask"         to="validateIdentityLinkTask" />
+	<pd:Transition from="validateIdentityLinkTask"    to="signAuthBlockTask"            conditionExpression="ctx['isIdentityLinkValidated']" />
+	<pd:Transition from="signAuthBlockTask"           to="validateSignedAuthBlockTask" />
+	<pd:Transition from="validateSignedAuthBlockTask" to="createAssertionTask"          conditionExpression="ctx['isSignedAuthBlockValidated']" />
+	
+	<pd:Transition from="createAssertionTask" to="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
new file mode 100644
index 000000000..ef71026ec
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1"
+	id="SampleProcessWithExpression1">
+
+	<pd:Task id="task1" />
+	<pd:Task id="task2" />
+	<pd:Task id="task3" />
+	<pd:Task id="task4" />
+
+	<pd:StartEvent id="start" />
+	<pd:EndEvent id="end" />
+
+	<pd:Transition from="start" to="task1" conditionExpression="'true'" />
+	<pd:Transition from="task1" to="task2" conditionExpression="'true'" />
+	<pd:Transition from="task2" to="task3" conditionExpression="'true'" />
+	<pd:Transition from="task3" to="task4" conditionExpression="'true'" />
+	<pd:Transition from="task4" to="end"   conditionExpression="'true'" />
+	
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
new file mode 100644
index 000000000..eb62d1ae2
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:task="http://www.springframework.org/schema/task"
+	xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+	<bean id="springElAwareExpressionEvaluator" class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+	
+	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
+		<property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" />
+		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
+		<property name="processDefinitions">
+			<list>
+				<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionFactoryBean">
+					<property name="resource" value="classpath:com/datentechnik/process_engine/spring/test/SampleProcessDefinitionWithExpression1.xml" />
+				</bean>
+				<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionFactoryBean">
+					<property name="resource" value="classpath:com/datentechnik/process_engine/spring/test/SampleProcessDefinitionForSAML1Authentication.xml" />
+				</bean>
+			</list>
+		</property>
+	</bean>
+	
+	<task:scheduler id="taskScheduler" pool-size="1" />
+	<task:scheduled-tasks scheduler="taskScheduler">
+		<task:scheduled ref="processEngine" method="cleanup" fixed-delay="60000" />
+	</task:scheduled-tasks>
+
+</beans>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
new file mode 100644
index 000000000..dadc6bf81
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+	<bean id="simplePojo" class="com.datentechnik.process_engine.spring.test.SimplePojo">
+		<property name="booleanValue" value="true" />
+		<property name="integerValue" value="42" />
+		<property name="stringValue" value="HelloWorld" />
+	</bean>
+	
+	<bean id="expressionEvaluator" class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+
+</beans>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/IdentityLink_Max_Mustermann.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/IdentityLink_Max_Mustermann.xml
new file mode 100644
index 000000000..c68972f13
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/IdentityLink_Max_Mustermann.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID132860852347311974" IssueInstant="2012-02-07T10:55:23+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:SubjectConfirmation>
+				<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+				<saml:SubjectConfirmationData>
+					<pr:Person si:type="pr:PhysicalPersonType"><pr:Identification><pr:Value>tqCQEC7+AqGEeeL390V5Jg==</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type></pr:Identification><pr:Name><pr:GivenName>Max</pr:GivenName><pr:FamilyName primary="undefined">Mustermann</pr:FamilyName></pr:Name><pr:DateOfBirth>1940-01-01</pr:DateOfBirth></pr:Person>
+				</saml:SubjectConfirmationData>
+			</saml:SubjectConfirmation>
+		</saml:Subject>
+	<saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"><saml:AttributeValue><ecdsa:ECDSAKeyValue><ecdsa:DomainParameters><ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/></ecdsa:DomainParameters><ecdsa:PublicKey><ecdsa:X Value="111409151487007036894649069746411000129419717653159596280366627647453458115517" si:type="ecdsa:PrimeFieldElemType"/><ecdsa:Y Value="94725036374184689337892465478597728884477416796494369571140658859618867645034" si:type="ecdsa:PrimeFieldElemType"/></ecdsa:PublicKey></ecdsa:ECDSAKeyValue></saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
+	<dsig:Signature>
+		<dsig:SignedInfo>
+			<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+			<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+			<dsig:Reference URI="">
+				<dsig:Transforms>
+					<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+						<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+					</dsig:Transform>
+					<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+				</dsig:Transforms>
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>Rmr5vkWXL/PvpoXnbK632QmzYms=</dsig:DigestValue>
+			</dsig:Reference>
+			<dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+				<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+				<dsig:DigestValue>HoPZWYll8aMFpKOlRSwckt5iCQk=</dsig:DigestValue>
+			</dsig:Reference>
+		</dsig:SignedInfo>
+		<dsig:SignatureValue>
+    NPpRwVo5/5kf5iHUyaEc7d7So3W4oPgOCYNgnKpgdZfttFkFFN+9oG60w7YvKEYSeTPhP3zp7eaH
+ZFapj+naD+wd0y5ELWep9Y+s+qP7fNLrFECHQxQasLWtR4akxlWDpYQ0bvOuepK2ip1EQ6pRlccA
+wJ1l4iOWFhfdA9YAg5QLkBqWSwgrNUswhLnDBM+Ot6Gj5g2rpYY7aoAOXvTR8B5Dkg94ASb4u0wv
+VPV8+4mjOfP+l6QWLqywzcq3qj/qFZkbujjZbV/fNPDnDD1ff/M6ZfCGO8xzlYfjfEA7cmHuiJf2
+/ey/3nT7vI5XbpBPWChT5Sl4DQysxlfE6e4MZw==
+  </dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIF3TCCBMWgAwIBAgIDByniMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMB4XDTEwMDcyODExMzY0M1oXDTE1MDcyODExMzY0M1owgbYxCzAJBgNVBAYTAkFUMR4wHAYDVQQKDBVEYXRlbnNjaHV0emtvbW1pc3Npb24xIjAgBgNVBAsMGVN0YW1temFobHJlZ2lzdGVyYmVob2VyZGUxLjAsBgNVBAMMJVNpZ25hdHVyc2VydmljZSBEYXRlbnNjaHV0emtvbW1pc3Npb24xFTATBgNVBAUTDDMyNTkyODMyMzk5ODEcMBoGCSqGSIb3DQEJARYNZHNrQGRzay5ndi5hdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+dBSEBGj2jUXIK1Mp3lVxc/Za+pJMiyKrX3G1ZxgX/ikx7D9scsPYMt473LlAWl9cmCbHbJK+PV2XNNdURLMUCIX+4vUNs2MHeDTQtX8BXjJFpwJYSoaRJQ39FVS/1r5sWcra9Hhdm7w5Gtx/2ukyDX0kdkxawkhP4EQEzi/SI+Fugn+WqgQ1nAdlbxb/dcBw5w1h9b3lmuwUf4z3ooQWUD2DgA/kKd1KejNR43mLUsmvSzevPxT9zs78pOR1OacB7IszTVJPXeOEaaNZHnnB/UeO3g8LEV/3OkXcUgcMkbIIiaBHlll71Pq0COj9kqjXoe7OrRjLY5i3KwOpa6TMCAwEAAaOCAgcwggIDMBMGA1UdIwQMMAqACEkcWDpP6A0DMH8GCCsGAQUFBwEBBHMwcTAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10cnVzdC5hdC9vY3NwMEYGCCsGAQUFBzAChjpodHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMmEuY3J0MFQGA1UdIARNMEswSQYGKigAEQESMD8wPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1BbXRzc2lnbmF0dXIwgZ4GA1UdHwSBljCBkzCBkKCBjaCBioaBh2xkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLWNvcnBvcmF0ZS1saWdodC0wMixvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQITAgOnhr0tbowDgYDVR0PAQH/BAQDAgSwMCAGA1UdEQQZMBeBFW1hcmN1cy5oaWxkQGRzay5ndi5hdDAJBgNVHRMEAjAAMA4GByooAAoBBwEEAwEB/zAUBgcqKAAKAQEBBAkMB0JTQi1EU0swDQYJKoZIhvcNAQEFBQADggEBAHTklnvPCH/bJSOlIPbLUEkSGuFHsektSZ8Vr22x/Yv7EzsxoQrJIiz2mQ2gQqFuExdWYxvsowjiSbiis9iUf1c0zscvDS3mIZxGs4M89XHsjHnIyb+Fuwnamw65QrFvM1tNB1ZMjxJ3x+YmHLHdtT3BEBcr3/NCRHd2S0HoBspNz9HVgJaZY1llR7poKBvnAc4g1i+QTvyVb00PtKxR9Lw/9ABInX/1pzpxqrPy7Ib2OP8z6dd3WHmIsCiSHUaj0Dxwwln6fYJjhxZ141SnbovlCLYtrsZLXoi9ljIqX4xO0PwMI2RfNc9cXxTRrRS6rEOvX7PpvgXiDXhp592Yyp4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
+		<dsig:Object>
+			<dsig:Manifest Id="manifest">
+				<dsig:Reference URI="">
+					<dsig:Transforms>
+						<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							<dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+						</dsig:Transform>
+					</dsig:Transforms>
+					<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					<dsig:DigestValue>7IkIdYti2dh3VZQ4Fp+9lPT67cM=</dsig:DigestValue>
+				</dsig:Reference>
+			</dsig:Manifest>
+		</dsig:Object>
+	</dsig:Signature>
+</saml:Assertion>
\ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SAML1Assertion.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SAML1Assertion.xml
new file mode 100644
index 000000000..3aeedd590
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SAML1Assertion.xml
@@ -0,0 +1,487 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<saml:Assertion AssertionID="6025428631468682100" IssueInstant="2008-07-14T17:51:38+02:00" Issuer="https://localhost:18443/moa-id-auth/" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <saml:AttributeStatement>
+	 <saml:Subject>
+		<saml:NameIdentifier NameQualifier="urn:publicid:gv.at:wbpk+FN+www.act.at">K2YMyx3/5kIpNJR+SAD/rbRYH+c=</saml:NameIdentifier>
+		<saml:SubjectConfirmation>
+		  <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>
+		  <saml:SubjectConfirmationData>
+			 <saml:Assertion AssertionID="any" IssueInstant="2008-07-14T17:51:26+02:00" Issuer="Thomas Knall" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+				<saml:AttributeStatement>
+				  <saml:Subject>
+					 <saml:NameIdentifier>https://localhost:18443/moa-id-auth/</saml:NameIdentifier>
+				  </saml:Subject>
+				  <saml:Attribute AttributeName="wbPK" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+					 <saml:AttributeValue>
+						<pr:Identification>
+						  <pr:Value>K2YMyx3/5kIpNJR+SAD/rbRYH+c=</pr:Value>
+						  <pr:Type>urn:publicid:gv.at:wbpk+FN+www.act.at</pr:Type>
+						</pr:Identification>
+					 </saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+					 <saml:AttributeValue>https://localhost:48443/mandates/</saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="Geburtsdatum" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+					 <saml:AttributeValue>1978-04-29</saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="RepresentationType" AttributeNamespace="http://reference.e-government.gv.at/namespace/mandates/20040701#">
+					 <saml:AttributeValue>Vollmachtsvertreter</saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="MandatorName" AttributeNamespace="http://reference.e-government.gv.at/namespace/mandates/20040701#">
+					 <saml:AttributeValue>MeineTestFirma</saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="MandatorWbpk" AttributeNamespace="http://reference.e-government.gv.at/namespace/mandates/20040701#">
+					 <saml:AttributeValue>123456i</saml:AttributeValue>
+				  </saml:Attribute>
+				</saml:AttributeStatement>
+				<dsig:Signature Id="signature-1216050695-35956125-21395" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+				  <dsig:SignedInfo>
+					 <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+					 <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+					 <dsig:Reference Id="signed-data-reference-0-1216050695-35956125-19584" URI="">
+						<dsig:Transforms>
+						  <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+						  <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+							 <xsl:stylesheet version="1.0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+								<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+								  <html xmlns="http://www.w3.org/1999/xhtml">
+									 <head>
+										<title>Signatur der Anmeldedaten</title>
+										<style media="screen" type="text/css">
+		  .boldstyle { font-weight: bold; }
+		  .italicstyle { font-style: italic; }
+		  .annotationstyle { font-size: small; }
+		  </style>
+									 </head>
+									 <body>
+										<h1>Signatur der Anmeldedaten</h1>
+										<p/>
+										<h4>Mit meiner elektronischen Signatur beantrage ich,
+			 <span class="boldstyle">
+											 <xsl:value-of select="//@Issuer"/>
+										  </span>, geboren am
+			 <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,9,2)"/>.
+			 <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,6,2)"/>.
+			 <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,1,4)"/>,
+			 <xsl:if test="//saml:Attribute[@AttributeName=&apos;OIDTextualDescription&apos;]">
+				in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OIDTextualDescription&apos;]/saml:AttributeValue"/>
+				(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OID&apos;]/saml:AttributeValue"/>),
+			 </xsl:if>
+			 den Zugang zur gesicherten Anwendung.
+		  </h4>
+										<p/>
+										<h4>Datum und Uhrzeit:
+			 <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+			 <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+			 <xsl:value-of select="substring(//@IssueInstant,1,4)"/>,
+			 <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+			 <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+			 <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+										</h4>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+										  <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;HPI&apos;]/saml:AttributeValue"/>
+										  </h4>
+										</xsl:if>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+										  <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]/saml:AttributeValue/pr:Identification/pr:Value"/>
+										  </h4>
+										</xsl:if>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorName&apos;]">
+										  <hr/>
+										  <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;RepresentationType&apos;]/saml:AttributeValue/text()"/>
+				von <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorName&apos;]/saml:AttributeValue/text()"/>
+											 <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]">, geboren am
+				  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,9,2)"/>.
+				  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,6,2)"/>.
+				  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,1,4)"/>
+											 </xsl:if>
+											 <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorDomainIdentifier&apos;]">,
+				  <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorDomainIdentifier&apos;]/saml:AttributeValue/text()"/>
+											 </xsl:if>, in deren Auftrag zu handeln.
+			 </h4>
+										  <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorWbpk&apos;]">
+											 <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorWbpk&apos;]/saml:AttributeValue/text()"/>
+											 </h4>
+										  </xsl:if>
+										  <p/>
+										</xsl:if>
+										<xsl:choose>
+										  <xsl:when test="//saml:Attribute[@AttributeName=&apos;OID&apos;]">
+											 <p/>
+											 <hr/>
+										  </xsl:when>
+										  <xsl:when test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+											 <p/>
+											 <hr/>
+										  </xsl:when>
+										  <xsl:when test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+											 <p/>
+											 <hr/>
+										  </xsl:when>
+										</xsl:choose>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+										  <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den
+			 jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+			 Wirtschaftsunternehmen.</div>
+										</xsl:if>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+										  <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen
+			 Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+			 Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+										</xsl:if>
+										<xsl:if test="//saml:Attribute[@AttributeName=&apos;OID&apos;]">
+										  <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und
+			 beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
+										</xsl:if>
+									 </body>
+								  </html>
+								</xsl:template>
+							 </xsl:stylesheet>
+						  </dsig:Transform>
+						  <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+						</dsig:Transforms>
+						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						<dsig:DigestValue>0q9QWyqAyyiVNNLu1rIcU+nKsEE=</dsig:DigestValue>
+					 </dsig:Reference>
+					 <dsig:Reference Id="etsi-data-reference-0-1216050695-35956125-7815" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id(&apos;etsi-data-object-0-1216050695-35956125-20638&apos;)/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						<dsig:DigestValue>WtB0/ptvoB/r/7+fauSUIBULymg=</dsig:DigestValue>
+					 </dsig:Reference>
+				  </dsig:SignedInfo>
+				  <dsig:SignatureValue>mZt9DuZiDqG81scsf30qjSDdy6vKC2/n034ZZwMUAvfWOXy3+Ubsk5X5CHhz
++lyI</dsig:SignatureValue>
+				  <dsig:KeyInfo>
+					 <dsig:X509Data>
+						<dsig:X509Certificate>MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQG
+EwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lz
+dGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVh
+LXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVt
+LVNpZy0wMjAeFw0wNjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJ
+BgNVBAYTAkFUMRUwEwYDVQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtu
+YWxsMQ8wDQYDVQQqDAZUaG9tYXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTEL
+MAkGA1UEDAwCREkwSTATBgcqhkjOPQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ
+6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp/NaiOuvrpv2RDVEKQm2tBiajggIP
+MIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAnBggrBgEFBQcBAwEB/wQYMBYw
+CAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUFBwEBBG8wbTBCBggrBgEF
+BQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Etc2lnbi1QcmVt
+aXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRy
+dXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4BggrBgEFBQcC
+ARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVByZW1p
+dW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v
+bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEt
+VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2Jq
+ZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQI
+SNyH29WUoCgwDgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUH
+CQExERgPMTk3ODA0MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF
+BQADggEBAFkSCJE0YD4p4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/
+ylYn8NQ4mMkD+yCDNtm8m8nr0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6
+uunLH0aFUpAhy+3mDdlH8uhhIQBHwCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkI
+egO8OHQDadhgJvW80qspiao2DTac6vVgx4tGvjpdmw1R2pXBYhHD5rkPHlkf
+GoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwnW9B8uPWSM5EYPoWJyBOWcKBL
+SSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA72/uCFrBzyTk=
+</dsig:X509Certificate>
+					 </dsig:X509Data>
+				  </dsig:KeyInfo>
+				  <dsig:Object Id="etsi-data-object-0-1216050695-35956125-20638">
+					 <etsi:QualifyingProperties Target="#signature-1216050695-35956125-21395" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+						<etsi:SignedProperties>
+						  <etsi:SignedSignatureProperties>
+							 <etsi:SigningTime>2008-07-14T15:51:35Z</etsi:SigningTime>
+							 <etsi:SigningCertificate>
+								<etsi:Cert>
+								  <etsi:CertDigest>
+									 <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+									 <etsi:DigestValue>inMYWBmAxMHP7mDENjLFaEtv0Zk=</etsi:DigestValue>
+								  </etsi:CertDigest>
+								  <etsi:IssuerSerial>
+									 <dsig:X509IssuerName>CN=a-sign-Premium-Sig-02,OU=a-sign-Premium-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
+									 <dsig:X509SerialNumber>132292</dsig:X509SerialNumber>
+								  </etsi:IssuerSerial>
+								</etsi:Cert>
+							 </etsi:SigningCertificate>
+							 <etsi:SignaturePolicyIdentifier>
+								<etsi:SignaturePolicyImplied/>
+							 </etsi:SignaturePolicyIdentifier>
+						  </etsi:SignedSignatureProperties>
+						  <etsi:SignedDataObjectProperties>
+							 <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1216050695-35956125-19584">
+								<etsi:MimeType>application/xhtml+xml</etsi:MimeType>
+							 </etsi:DataObjectFormat>
+						  </etsi:SignedDataObjectProperties>
+						</etsi:SignedProperties>
+					 </etsi:QualifyingProperties>
+				  </dsig:Object>
+				</dsig:Signature>
+			 </saml:Assertion>
+			 <saml:Assertion AssertionID="szr.bmi.gv.at-AssertionID11936526102761952" IssueInstant="2007-10-29T10:10:10+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:si="http://www.w3.org/2001/XMLSchema-instance">
+				<saml:AttributeStatement>
+				  <saml:Subject>
+					 <saml:SubjectConfirmation>
+						<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
+						<saml:SubjectConfirmationData>
+						  <pr:Person si:type="pr:PhysicalPersonType">
+							 <pr:Identification>
+								<pr:Value>K2YMyx3/5kIpNJR+SAD/rbRYH+c=</pr:Value>
+								<pr:Type>urn:publicid:gv.at:wbpk+FN+www.act.at</pr:Type>
+							 </pr:Identification>
+							 <pr:Name>
+								<pr:GivenName>Thomas</pr:GivenName>
+								<pr:FamilyName primary="undefined">Knall</pr:FamilyName>
+							 </pr:Name>
+							 <pr:DateOfBirth>1978-04-29</pr:DateOfBirth>
+						  </pr:Person>
+						</saml:SubjectConfirmationData>
+					 </saml:SubjectConfirmation>
+				  </saml:Subject>
+				  <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
+					 <saml:AttributeValue>
+						<ecdsa:ECDSAKeyValue>
+						  <ecdsa:DomainParameters>
+							 <ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.1"/>
+						  </ecdsa:DomainParameters>
+						  <ecdsa:PublicKey>
+							 <ecdsa:X Value="2638720011055700682018137297354399374048880611104468142324" si:type="ecdsa:PrimeFieldElemType"/>
+							 <ecdsa:Y Value="2804889174475641803405778188053052844820705830770276369958" si:type="ecdsa:PrimeFieldElemType"/>
+						  </ecdsa:PublicKey>
+						</ecdsa:ECDSAKeyValue>
+					 </saml:AttributeValue>
+				  </saml:Attribute>
+				  <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
+					 <saml:AttributeValue>
+						<dsig:RSAKeyValue>
+						  <dsig:Modulus>sWOqPZzPTn9VvBR5LjuopIWYdh5aGzuX2vMjofhn8bStba1CDW1qkDdlYW4Rs/DfU/I1uqor4Lje
+/G3Yzh82yD0MHdzlW8MYUJ8RJe+czbjRUPaSbC/NRqhyF3eKnflxM++sJb2abrUH/9TV0q8P5QRS
+uZC/JpAEYpSazysPz/fv8AEnU8oxcTvCiax1jf2GZPmm3qFjPc4qDYNHqfnE8yWYt7kHeqPV/cRw
+x3aMGW8mRwQZb7VRFLW5g37nrt9N</dsig:Modulus>
+						  <dsig:Exponent>AQAB</dsig:Exponent>
+						</dsig:RSAKeyValue>
+					 </saml:AttributeValue>
+				  </saml:Attribute>
+				</saml:AttributeStatement>
+				<dsig:Signature>
+				  <dsig:SignedInfo>
+					 <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+					 <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+					 <dsig:Reference URI="">
+						<dsig:Transforms>
+						  <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							 <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>
+						  </dsig:Transform>
+						  <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+						</dsig:Transforms>
+						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						<dsig:DigestValue>b3d/wcQb0Bl0/6GSPsrMxWpdRLA=</dsig:DigestValue>
+					 </dsig:Reference>
+					 <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest">
+						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						<dsig:DigestValue>eet0q3Thmw6+cbO1fazbEg0556I=</dsig:DigestValue>
+					 </dsig:Reference>
+				  </dsig:SignedInfo>
+				  <dsig:SignatureValue>
+oy55Cq7IyYy7z/TO2a3+m7tjG/ztiKhxhGzVqEYIWIObEOs/GVJDCCI4oe/HS8Fhc4TaXDcZXk4y
+qBp4JJ288TeaNjPYkPzp38nWJ4xRatEyo7VaySXy+TqgwiBT5uhxrwkroCr4ZIWwOvt1uR5UBVAf
+qk1ii+LPW2WYE3bMpoHfrM9CdFSPzWTRl/0zsEURc64EBPyIdKz+c70DaexeX2E0JVelKcj+jDaJ
+mHsFhi/9QoscqPEVA87qv07yhyK5S41+f3HDvpuhYwvQDdOq50sclfsI+g9r473VxiRsOmJ9Ak4/
+k2KP0tgfAQ+h5hRGQUUo5LYPywjg7zPxe8SGGA==
+</dsig:SignatureValue>
+				  <dsig:KeyInfo>
+					 <dsig:X509Data>
+						<dsig:X509Certificate>
+MIIFZTCCBE2gAwIBAgIDAt4cMA0GCSqGSIb3DQEBBQUAMIGfMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29y
+cG9yYXRlLWxpZ2h0LTAzMSIwIAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0
+LTAzMB4XDTA3MDExOTA5MDY0OFoXDTEyMDExOTA5MDY0OFowgZwxCzAJBgNVBAYT
+AkFUMRkwFwYDVQQKDBBCdW5kZXNrYW56bGVyYW10MR4wHAYDVQQLDBVEYXRlbnNj
+aHV0emtvbW1pc3Npb24xHTAbBgNVBAMMFERyLiBXYWx0cmF1dCBLb3RzY2h5MRUw
+EwYDVQQFEww3MDAyNDc0OTk4MDQxHDAaBgkqhkiG9w0BCQEWDWRza0Bkc2suZ3Yu
+YXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfnQUhARo9o1FyCtTK
+d5VcXP2WvqSTIsiq19xtWcYF/4pMew/bHLD2DLeO9y5QFpfXJgmx2ySvj1dlzTXV
+ESzFAiF/uL1DbNjB3g00LV/AV4yRacCWEqGkSUN/RVUv9a+bFnK2vR4XZu8ORrcf
+9rpMg19JHZMWsJIT+BEBM4v0iPhboJ/lqoENZwHZW8W/3XAcOcNYfW95ZrsFH+M9
+6KEFlA9g4AP5CndSnozUeN5i1LJr0s3rz8U/c7O/KTkdTmnAeyLM01ST13jhGmjW
+R55wf1Hjt4PCxFf9zpF3FIHDJGyCImgR5ZZe9T6tAjo/ZKo16Huzq0Yy2OYtysDq
+WukzAgMBAAGjggGpMIIBpTATBgNVHSMEDDAKgAhBkWkcv63YmDBVBggrBgEFBQcB
+AQRJMEcwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9h
+LXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAzLmNydDBYBgNVHSAEUTBPME0GByooABEB
+BwEwQjBABggrBgEFBQcCARY0aHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3Av
+YS1zaWduLWNvcnBvcmF0ZS1saWdodDCBngYDVR0fBIGWMIGTMIGQoIGNoIGKhoGH
+bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1hLXNpZ24tY29ycG9yYXRlLWxpZ2h0
+LTAzLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFz
+ZT9vYmplY3RjbGFzcz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MBEGA1UdDgQK
+BAhMCA6eGvS1ujAOBgNVHQ8BAf8EBAMCBLAwCQYDVR0TBAIwADAOBgcqKAAKAQcB
+BAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAEoIvqPLAg0n2wCS27zTL+hmLi7zSbes
+Od4e6pFT1l3cwGfdTkhiHVPnPRaDGLQkS384fAXBrOp6W13X9m2jD9csO6vZhd+T
+nERXN1AqayoaecXFyHPykVUTLhn6pMdiSE21mEozfGLUDGMz74lvphEKFAOOCgp1
+o5ZCR09RbGAEbQNNn+ucXJxIa3mYjr1h3AElVbXoeoz12qUpqsNm9znymSkcmcNo
+B5Pk6qXXx9UeC/Tj0aTglNkcMOSCFayldzOBaY6+qWKguPdzQUEryhGiNuARQpM5
+KMzvI0rmpc4Gau5HT9rQZHadr++VS8v1k6935uIyyZF9s+gdS5ywnSM=
+</dsig:X509Certificate>
+					 </dsig:X509Data>
+				  </dsig:KeyInfo>
+				  <dsig:Object>
+					 <dsig:Manifest Id="manifest">
+						<dsig:Reference URI="">
+						  <dsig:Transforms>
+							 <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+								<dsig:XPath>not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+							 </dsig:Transform>
+						  </dsig:Transforms>
+						  <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						  <dsig:DigestValue>JZGwiDzQAtJtnJMeeXyypTrDjwY=</dsig:DigestValue>
+						</dsig:Reference>
+					 </dsig:Manifest>
+				  </dsig:Object>
+				</dsig:Signature>
+			 </saml:Assertion>
+		  </saml:SubjectConfirmationData>
+		</saml:SubjectConfirmation>
+	 </saml:Subject>
+	 <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+		<saml:AttributeValue>
+		  <pr:Person si:type="pr:PhysicalPersonType" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance">
+			 <pr:Identification>
+				<pr:Value>K2YMyx3/5kIpNJR+SAD/rbRYH+c=</pr:Value>
+				<pr:Type>urn:publicid:gv.at:wbpk+FN+www.act.at</pr:Type>
+			 </pr:Identification>
+			 <pr:Name>
+				<pr:GivenName>Thomas</pr:GivenName>
+				<pr:FamilyName primary="undefined">Knall</pr:FamilyName>
+			 </pr:Name>
+			 <pr:DateOfBirth>1978-04-29</pr:DateOfBirth>
+		  </pr:Person>
+		</saml:AttributeValue>
+	 </saml:Attribute>
+	 <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+		<saml:AttributeValue>true</saml:AttributeValue>
+	 </saml:Attribute>
+	 <saml:Attribute AttributeName="bkuURL" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+		<saml:AttributeValue>https://127.0.0.1:3496/https-security-layer-request</saml:AttributeValue>
+	 </saml:Attribute>
+	 <saml:Attribute AttributeName="SignerCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+		<saml:AttributeValue>MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVhLXNpZ24tUHJl
+bWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVtLVNpZy0wMjAeFw0w
+NjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJBgNVBAYTAkFUMRUwEwYD
+VQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtuYWxsMQ8wDQYDVQQqDAZUaG9t
+YXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTELMAkGA1UEDAwCREkwSTATBgcqhkjO
+PQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp
+/NaiOuvrpv2RDVEKQm2tBiajggIPMIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAn
+BggrBgEFBQcBAwEB/wQYMBYwCAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUF
+BwEBBG8wbTBCBggrBgEFBQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRz
+L2Etc2lnbi1QcmVtaXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8v
+b2NzcC5hLXRydXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4Bggr
+BgEFBQcCARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVBy
+ZW1pdW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v
+bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEtVHJ1
+c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xh
+c3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQISNyH29WUoCgw
+DgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUHCQExERgPMTk3ODA0
+MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAFkSCJE0YD4p
+4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/ylYn8NQ4mMkD+yCDNtm8m8nr
+0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6uunLH0aFUpAhy+3mDdlH8uhhIQBH
+wCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkIegO8OHQDadhgJvW80qspiao2DTac6vVg
+x4tGvjpdmw1R2pXBYhHD5rkPHlkfGoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwn
+W9B8uPWSM5EYPoWJyBOWcKBLSSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA7
+2/uCFrBzyTk=</saml:AttributeValue>
+	 </saml:Attribute>
+	 <saml:Attribute AttributeName="Mandate" AttributeNamespace="http://reference.e-government.gv.at/namespace/mandates/20040701#">
+		<saml:AttributeValue>
+		  <md:Mandate MandateID="https://egov.act.at/mandates/20080714174835/886164" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:md="http://reference.e-government.gv.at/namespace/mandates/20040701#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+			 <md:Annotation>Prokura - MeineTestFirma</md:Annotation>
+			 <md:StatusInformationService>http://localhost:58080/omsp/OMSPRequest</md:StatusInformationService>
+			 <md:Representative>
+				<pr:PhysicalPerson>
+				  <pr:Identification>
+					 <pr:Value>K2YMyx3/5kIpNJR+SAD/rbRYH+c=</pr:Value>
+					 <pr:Type>urn:publicid:gv.at:wbpk+FN+www.act.at</pr:Type>
+				  </pr:Identification>
+				  <pr:Name>
+					 <pr:GivenName>Thomas</pr:GivenName>
+					 <pr:FamilyName primary="undefined">Knall</pr:FamilyName>
+				  </pr:Name>
+				  <pr:DateOfBirth>1978-04-29</pr:DateOfBirth>
+				</pr:PhysicalPerson>
+			 </md:Representative>
+			 <md:Mandator>
+				<pr:CorporateBody>
+				  <pr:Identification>
+					 <pr:Value>123456i</pr:Value>
+					 <pr:Type>urn:publicid:gv.at:baseid+XFN</pr:Type>
+				  </pr:Identification>
+				  <pr:FullName>MeineTestFirma</pr:FullName>
+				</pr:CorporateBody>
+			 </md:Mandator>
+			 <md:Issued>
+				<md:Place>Wien</md:Place>
+				<md:Date>2008-07-14</md:Date>
+			 </md:Issued>
+			 <md:Properties>
+				<md:SubstitutionAllowed>false</md:SubstitutionAllowed>
+			 </md:Properties>
+			 <md:SimpleMandateContent>
+				<md:TextualDescription>Der/Die Bevollmächtigte wird zum Prokuristen/Prokuristin bestellt.</md:TextualDescription>
+			 </md:SimpleMandateContent>
+			 <dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+				<dsig:SignedInfo>
+				  <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+				  <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+				  <dsig:Reference Id="reference-1-1" URI="">
+					 <dsig:Transforms>
+						<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+						  <dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">not(ancestor-or-self::pr:Identification or ancestor-or-self::dsig:Signature)</dsig:XPath>
+						</dsig:Transform>
+						<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+						<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+					 </dsig:Transforms>
+					 <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					 <dsig:DigestValue>PRRF0sWBgoywztCKWEXafZfhpd0=</dsig:DigestValue>
+				  </dsig:Reference>
+				  <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#dsig-manifest-1-1">
+					 <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					 <dsig:DigestValue>NorNorUqPFMA06JfxSJopOq7Qv0=</dsig:DigestValue>
+				  </dsig:Reference>
+				</dsig:SignedInfo>
+				<dsig:SignatureValue>IQMZFc57XZd9LjeiaZqSfzZtWuXhuikAqbKA7pWuDK02DLFSYZPXsGjcvnwNdVaP</dsig:SignatureValue>
+				<dsig:KeyInfo>
+				  <dsig:X509Data>
+					 <dsig:X509Certificate>MIICtjCCAm6gAwIBAgIBATAJBgcqhkjOPQQBMGoxCzAJBgNVBAYTAkFUMQ0wCwYD
+VQQHEwRXaWVuMRkwFwYDVQQJExBFc3NsaW5nZ2Fzc2UgNS85MQwwCgYDVQQKEwNB
+Q1QxIzAhBgNVBAMTGlZvbGxtYWNodGVuIFNpZ25hdHVyZGllbnN0MB4XDTA4MDcw
+ODE1MTk1MFoXDTEyMTIzMTIxNTk1OVowajELMAkGA1UEBhMCQVQxDTALBgNVBAcT
+BFdpZW4xGTAXBgNVBAkTEEVzc2xpbmdnYXNzZSA1LzkxDDAKBgNVBAoTA0FDVDEj
+MCEGA1UEAxMaVm9sbG1hY2h0ZW4gU2lnbmF0dXJkaWVuc3QwgfMwgbwGByqGSM49
+AgEwgbACAQEwJAYHKoZIzj0BAQIZAP////////////////////7//////////zA0
+BBj////////////////////+//////////wEGGQhBRnlnIDnD6fpq3IkMEn+uN7s
+wUa5sQQxBBiNqA6wMJD2fL8g60OhiAD0/wr9gv8QEgcZK5X/yNp4YxAR7WskzdVz
++XehHnlIEQIZAP///////////////5ne+DYUa8mxtNIoMQIBAQMyAAS908G9FD5/
+LLYruwFbp9giXahdQ1FAqKwzohSn9pgsVTQBnvXxU8IWIzhPHs49DZCjazBpMAwG
+A1UdEwEB/wQCMAAwHQYDVR0OBBYEFLOSgnkLSJ3l4Ah49rHX/FAV1wWcMBkGA1Ud
+IAQSMBAwDgYMKwYBBAGVEgECBAEBMB8GA1UdIwQYMBaAFLOSgnkLSJ3l4Ah49rHX
+/FAV1wWcMAkGByqGSM49BAEDNwAwNAIYTTppZzS6wqoLDFcf9frHzf1kMheY04dT
+Ahg4Nrb54vE3DTRf9sbO4xs4dTARHSt1ihA=</dsig:X509Certificate>
+				  </dsig:X509Data>
+				</dsig:KeyInfo>
+				<dsig:Object>
+				  <dsig:Manifest Id="dsig-manifest-1-1">
+					 <dsig:Reference Id="reference-1-2" URI="">
+						<dsig:Transforms>
+						  <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+							 <dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">not(ancestor-or-self::dsig:Signature)</dsig:XPath>
+						  </dsig:Transform>
+						  <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+						  <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+						</dsig:Transforms>
+						<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+						<dsig:DigestValue>oz6ThHPL3V7RNibfPrDSWVhUgi8=</dsig:DigestValue>
+					 </dsig:Reference>
+				  </dsig:Manifest>
+				</dsig:Object>
+			 </dsig:Signature>
+		  </md:Mandate>
+		</saml:AttributeValue>
+	 </saml:Attribute>
+  </saml:AttributeStatement>
+</saml:Assertion>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignedAuthBlock.xml b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignedAuthBlock.xml
new file mode 100644
index 000000000..450ba90f3
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignedAuthBlock.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature Id="signature-1216050695-35956125-21395" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+  <dsig:SignedInfo>
+	 <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+	 <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/>
+	 <dsig:Reference Id="signed-data-reference-0-1216050695-35956125-19584" URI="">
+		<dsig:Transforms>
+		  <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+		  <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+			 <xsl:stylesheet version="1.0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+				  <html xmlns="http://www.w3.org/1999/xhtml">
+					 <head>
+						<title>Signatur der Anmeldedaten</title>
+						<style media="screen" type="text/css">
+.boldstyle { font-weight: bold; }
+.italicstyle { font-style: italic; }
+.annotationstyle { font-size: small; }
+</style>
+					 </head>
+					 <body>
+						<h1>Signatur der Anmeldedaten</h1>
+						<p/>
+						<h4>Mit meiner elektronischen Signatur beantrage ich,
+<span class="boldstyle">
+							 <xsl:value-of select="//@Issuer"/>
+						  </span>, geboren am
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,9,2)"/>.
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,6,2)"/>.
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;Geburtsdatum&apos;]/saml:AttributeValue,1,4)"/>,
+<xsl:if test="//saml:Attribute[@AttributeName=&apos;OIDTextualDescription&apos;]">
+in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OIDTextualDescription&apos;]/saml:AttributeValue"/>
+(OID***= <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OID&apos;]/saml:AttributeValue"/>),
+</xsl:if>
+den Zugang zur gesicherten Anwendung.
+</h4>
+						<p/>
+						<h4>Datum und Uhrzeit:
+<xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+<xsl:value-of select="substring(//@IssueInstant,1,4)"/>,
+<xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+						</h4>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+						  <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;HPI&apos;]/saml:AttributeValue"/>
+						  </h4>
+						</xsl:if>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+						  <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]/saml:AttributeValue/pr:Identification/pr:Value"/>
+						  </h4>
+						</xsl:if>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorName&apos;]">
+						  <hr/>
+						  <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;RepresentationType&apos;]/saml:AttributeValue/text()"/>
+von <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorName&apos;]/saml:AttributeValue/text()"/>
+							 <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]">, geboren am
+  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,9,2)"/>.
+  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,6,2)"/>.
+  <xsl:value-of select="substring(//saml:Attribute[@AttributeName=&apos;MandatorDateOfBirth&apos;]/saml:AttributeValue,1,4)"/>
+							 </xsl:if>
+							 <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorDomainIdentifier&apos;]">,
+  <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorDomainIdentifier&apos;]/saml:AttributeValue/text()"/>
+							 </xsl:if>, in deren Auftrag zu handeln.
+</h4>
+						  <xsl:if test="//saml:Attribute[@AttributeName=&apos;MandatorWbpk&apos;]">
+							 <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName=&apos;MandatorWbpk&apos;]/saml:AttributeValue/text()"/>
+							 </h4>
+						  </xsl:if>
+						  <p/>
+						</xsl:if>
+						<xsl:choose>
+						  <xsl:when test="//saml:Attribute[@AttributeName=&apos;OID&apos;]">
+							 <p/>
+							 <hr/>
+						  </xsl:when>
+						  <xsl:when test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+							 <p/>
+							 <hr/>
+						  </xsl:when>
+						  <xsl:when test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+							 <p/>
+							 <hr/>
+						  </xsl:when>
+						</xsl:choose>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;wbPK&apos;]">
+						  <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den
+jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum
+Wirtschaftsunternehmen.</div>
+						</xsl:if>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;HPI&apos;]">
+						  <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen
+Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der
+Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div>
+						</xsl:if>
+						<xsl:if test="//saml:Attribute[@AttributeName=&apos;OID&apos;]">
+						  <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und
+beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div>
+						</xsl:if>
+					 </body>
+				  </html>
+				</xsl:template>
+			 </xsl:stylesheet>
+		  </dsig:Transform>
+		  <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+		</dsig:Transforms>
+		<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+		<dsig:DigestValue>0q9QWyqAyyiVNNLu1rIcU+nKsEE=</dsig:DigestValue>
+	 </dsig:Reference>
+	 <dsig:Reference Id="etsi-data-reference-0-1216050695-35956125-7815" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id(&apos;etsi-data-object-0-1216050695-35956125-20638&apos;)/child::etsi:QualifyingProperties/child::etsi:SignedProperties)">
+		<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+		<dsig:DigestValue>WtB0/ptvoB/r/7+fauSUIBULymg=</dsig:DigestValue>
+	 </dsig:Reference>
+  </dsig:SignedInfo>
+  <dsig:SignatureValue>mZt9DuZiDqG81scsf30qjSDdy6vKC2/n034ZZwMUAvfWOXy3+Ubsk5X5CHhz
++lyI</dsig:SignatureValue>
+  <dsig:KeyInfo>
+	 <dsig:X509Data>
+		<dsig:X509Certificate>MIIEtDCCA5ygAwIBAgIDAgTEMA0GCSqGSIb3DQEBBQUAMIGXMQswCQYDVQQG
+EwJBVDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lz
+dGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR4wHAYDVQQLDBVh
+LXNpZ24tUHJlbWl1bS1TaWctMDIxHjAcBgNVBAMMFWEtc2lnbi1QcmVtaXVt
+LVNpZy0wMjAeFw0wNjA0MDQwOTUyMjhaFw0xMTA0MDQwOTUyMjhaMGkxCzAJ
+BgNVBAYTAkFUMRUwEwYDVQQDDAxUaG9tYXMgS25hbGwxDjAMBgNVBAQMBUtu
+YWxsMQ8wDQYDVQQqDAZUaG9tYXMxFTATBgNVBAUTDDUzNTE5ODkyMzM0OTEL
+MAkGA1UEDAwCREkwSTATBgcqhkjOPQIBBggqhkjOPQMBAQMyAARrnYW5sXCQ
+6M3irWaanDPi/ROXueKWiPRyZGjNH0Cp/NaiOuvrpv2RDVEKQm2tBiajggIP
+MIICCzATBgNVHSMEDDAKgAhN3+H/S9nJ3zAnBggrBgEFBQcBAwEB/wQYMBYw
+CAYGBACORgEBMAoGCCsGAQUFBwsBMHsGCCsGAQUFBwEBBG8wbTBCBggrBgEF
+BQcwAoY2aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Etc2lnbi1QcmVt
+aXVtLVNpZy0wMmEuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRy
+dXN0LmF0L29jc3AwWQYDVR0gBFIwUDBEBgYqKAARAQswOjA4BggrBgEFBQcC
+ARYsaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVByZW1p
+dW0wCAYGBACLMAEBMIGaBgNVHR8EgZIwgY8wgYyggYmggYaGgYNsZGFwOi8v
+bGRhcC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVNpZy0wMixvPUEt
+VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2Jq
+ZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTARBgNVHQ4ECgQI
+SNyH29WUoCgwDgYDVR0PAQH/BAQDAgbAMCgGA1UdCQQhMB8wHQYIKwYBBQUH
+CQExERgPMTk3ODA0MjkwMDAwMDBaMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF
+BQADggEBAFkSCJE0YD4p4izU3ekQYPv4Z7gm/VFlpma5hXNvwkajVjHlAqo/
+ylYn8NQ4mMkD+yCDNtm8m8nr0K/yICb8Gnkbv59i6nh2AbzYBBb49VnYYGL6
+uunLH0aFUpAhy+3mDdlH8uhhIQBHwCfgwG1qa5zXY7bz4Vzkac/h6T+JVFkI
+egO8OHQDadhgJvW80qspiao2DTac6vVgx4tGvjpdmw1R2pXBYhHD5rkPHlkf
+GoeL3ak6hq4ea94Oy5VfNTIJv5MA0J2G1mwnW9B8uPWSM5EYPoWJyBOWcKBL
+SSUqOt9D/9215ZGfbchkdRZjx0dTAD3FIhgG8nA72/uCFrBzyTk=
+</dsig:X509Certificate>
+	 </dsig:X509Data>
+  </dsig:KeyInfo>
+  <dsig:Object Id="etsi-data-object-0-1216050695-35956125-20638">
+	 <etsi:QualifyingProperties Target="#signature-1216050695-35956125-21395" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#">
+		<etsi:SignedProperties>
+		  <etsi:SignedSignatureProperties>
+			 <etsi:SigningTime>2008-07-14T15:51:35Z</etsi:SigningTime>
+			 <etsi:SigningCertificate>
+				<etsi:Cert>
+				  <etsi:CertDigest>
+					 <etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+					 <etsi:DigestValue>inMYWBmAxMHP7mDENjLFaEtv0Zk=</etsi:DigestValue>
+				  </etsi:CertDigest>
+				  <etsi:IssuerSerial>
+					 <dsig:X509IssuerName>CN=a-sign-Premium-Sig-02,OU=a-sign-Premium-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName>
+					 <dsig:X509SerialNumber>132292</dsig:X509SerialNumber>
+				  </etsi:IssuerSerial>
+				</etsi:Cert>
+			 </etsi:SigningCertificate>
+			 <etsi:SignaturePolicyIdentifier>
+				<etsi:SignaturePolicyImplied/>
+			 </etsi:SignaturePolicyIdentifier>
+		  </etsi:SignedSignatureProperties>
+		  <etsi:SignedDataObjectProperties>
+			 <etsi:DataObjectFormat ObjectReference="#signed-data-reference-0-1216050695-35956125-19584">
+				<etsi:MimeType>application/xhtml+xml</etsi:MimeType>
+			 </etsi:DataObjectFormat>
+		  </etsi:SignedDataObjectProperties>
+		</etsi:SignedProperties>
+	 </etsi:QualifyingProperties>
+  </dsig:Object>
+</dsig:Signature>
\ No newline at end of file
-- 
cgit v1.2.3


From 8579cf80c3602f963566d31eaf04f59f68d3bf11 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 29 Jan 2015 10:56:18 +0100
Subject: Add STORK process (MOAID-58).

- Add STORKAuthentication.process.xml
- Add PepsConnectorTask using code from PEPSConnectorServlet.
- Split code from PEPSConnectorWithLocalSigningServlet into PepsConnectorHandleResponseWithoutSignatureTask and PepsConnectorHandleLocalSignResponseTask.
- Replace SpringExpressionEvaluator within applicationContext.xml with SpringWebExpressionEvaluator (allowing expressions using request parameter(s)).
- Make servlet mappings /PEPSConnectorWithLocalSigning and /PEPSConnector point to the process engine signaling servlet.
- Add many FIXMEs marking problematic code.
- Move code to start stork authentication from StartAuthenticationBuilder to CreateStorkAuthRequestFormTask.
- Mark PEPSConnectorServlet and PEPSConnectorWithLocalSigningServlet deprecated.
- Remove @author tknall from classes assembled using existing (bogus) code.
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |   2 +-
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  24 +-
 .../moa/id/auth/AuthenticationServer.java          |  13 +-
 .../auth/builder/StartAuthenticationBuilder.java   |  28 +-
 .../moa/id/auth/servlet/PEPSConnectorServlet.java  |   1 +
 .../PEPSConnectorWithLocalSigningServlet.java      |   1 +
 .../moa/id/auth/tasks/AbstractAuthServletTask.java |   3 -
 .../id/auth/tasks/CertificateReadRequestTask.java  |   5 +-
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  |   1 -
 .../moa/id/auth/tasks/GetForeignIDTask.java        |   1 -
 .../moa/id/auth/tasks/GetMISSessionIDTask.java     |   1 -
 .../auth/tasks/PrepareAuthBlockSignatureTask.java  |   1 -
 .../auth/tasks/VerifyAuthenticationBlockTask.java  |   1 -
 .../moa/id/auth/tasks/VerifyCertificateTask.java   |   1 -
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  |   9 +-
 .../AbstractPepsConnectorWithLocalSigningTask.java | 258 ++++++++++
 .../stork/CreateStorkAuthRequestFormTask.java      | 114 +++++
 .../PepsConnectorHandleLocalSignResponseTask.java  | 218 ++++++++
 ...onnectorHandleResponseWithoutSignatureTask.java | 441 ++++++++++++++++
 .../moa/id/auth/tasks/stork/PepsConnectorTask.java | 567 +++++++++++++++++++++
 .../processes/DefaultAuthentication.process.xml    |   4 +-
 .../processes/STORKAuthentication.process.xml      |  29 ++
 .../resources/properties/id_messages_de.properties |   3 +
 23 files changed, 1656 insertions(+), 70 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
 create mode 100644 id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 0f9f05baa..8e210c040 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -11,7 +11,7 @@
 
 	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
-			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+			<bean class="com.datentechnik.process_engine.springweb.SpringWebExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
 		<property name="processDefinitions">
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 4548e05d9..2dbceb4e9 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -119,28 +119,6 @@
 		<url-pattern>/services/*</url-pattern>
 	</servlet-mapping>
 
-	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
-		<display-name>PEPSConnectorServlet</display-name>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<url-pattern>/PEPSConnector</url-pattern>
-	</servlet-mapping>
-
-	<servlet>
-		<description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description>
-		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
-	</servlet>
-	<servlet-mapping>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
-	</servlet-mapping>
-	
 	<servlet>
 		<display-name>Dispatcher Servlet</display-name>
 		<servlet-name>DispatcherServlet</servlet-name>
@@ -165,6 +143,8 @@
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 		<url-pattern>/VerifyCertificate</url-pattern>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
+		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
+		<url-pattern>/PEPSConnector</url-pattern>
 	</servlet-mapping>
 
 	<session-config>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index c33e5c735..cf50a1bf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1402,8 +1402,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 	 * Retrieves a session from the session store.
 	 *
 	 * @param id session ID
-	 * @return <code>AuthenticationSession</code> stored with given session ID,
-	 * <code>null</code> if session ID unknown
+	 * @return <code>AuthenticationSession</code> stored with given session ID (never {@code null}).
+	 * @throws AuthenticationException in case the session id does not reflect a valic, active session.
 	 */
 	public static AuthenticationSession getSession(String id)
 			throws AuthenticationException {
@@ -1707,10 +1707,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		//        String acsURL = new DataURLBuilder().buildDataURL(issuerValue, 
 		//    			PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
 
-		//solve Problem with sessionIDs 
-		String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
-
-		Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
 
 		String providerName = oaParam.getFriendlyName();
 		Logger.debug("Issuer value: " + issuerValue);
@@ -1744,8 +1740,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 		List<String> value = new ArrayList<String>();
 
 		Logger.debug("PEPS supports XMLSignatures:"+cpeps.isXMLSignatureSupported());
+		String acsURL;
 		if(cpeps.isXMLSignatureSupported())//Send SignRequest to PEPS
 		{
+			//solve Problem with sessionIDs 
+			acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+			
 			value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im  Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
 					"application/xhtml+xml", moasession.getCcc()));
 			newAttribute.setValue(value);
@@ -1776,6 +1776,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
 			}
 
 		}
+		Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
 
 		if (Logger.isDebugEnabled()) {
 			Logger.debug("The following attributes are requested for this OA:");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index a92d3f678..9a8372a2d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -52,10 +52,9 @@ public class StartAuthenticationBuilder {
 	 * <ul>
 	 * <li><strong>Either</strong> creates an "IdentityLinkForm" with embedded {@code InfoBoxReadRequest} to be submitted to a citizen card
 	 * environment for reading the subject's IdentityLink</li>
-	 * <li><strong>or</strong> creates a STORK auth request and redirects to a CPEPS.</li>
 	 * </ul>
 	 * 
-	 * @return The "IdentityLinkForm" or an empty String in case of STORK.
+	 * @return The IdentityLinkForm.
 	 */
 	public String build(AuthenticationSession moasession, HttpServletRequest req,
 			HttpServletResponse resp) throws WrongParametersException, MOAIDException {
@@ -64,26 +63,11 @@ public class StartAuthenticationBuilder {
 			throw new AuthenticationException("auth.18", new Object[] { });
 		}
 		  
-	    STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-	    
-	    Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
-	    // STORK or normal authentication
-	    // TODO[branch]: STORK
-	    if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
-	    	//STORK authentication
-	    	Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
-	    	Logger.debug("Starting STORK authentication");
-	    	
-	    	AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
-	    	return "";
-	    	
-	    } else {
-	    	//normal MOA-ID authentication
-	    	Logger.debug("Starting normal MOA-ID authentication");
-		    			    	    	
-	    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);	   
+    	//normal MOA-ID authentication
+    	Logger.debug("Starting normal MOA-ID authentication");
+	    			    	    	
+    	String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);	   
 
-	    	return getIdentityLinkForm;
-	    }
+    	return getIdentityLinkForm;
 	}
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 4cd192070..02e1cb12d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -97,6 +97,7 @@ import javax.xml.ws.BindingProvider;
 
 /**
  * Endpoint for receiving STORK response messages
+ * @deprecated Use {@link at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorTask} instead.
  */
 public class PEPSConnectorServlet extends AuthServlet {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 165445ea5..fa80bdab9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -109,6 +109,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
 
 /**
  * Endpoint for receiving STORK response messages
+ * @deprecated Use {@link at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleResponseWithoutSignatureTask} instead.
  */
 public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 	private static final long serialVersionUID = 1L;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
index 7351933c1..9a5c2baee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
@@ -43,9 +43,6 @@ import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
 /**
  * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
  * etc.).</p> The code has been taken from {@link AuthServlet}.
- * 
- * @author tknall
- * 
  */
 public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
index da8a3d997..29e9ac42f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
@@ -40,7 +40,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
@@ -71,9 +70,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
 			boolean useMandate = session.getUseMandate();
-			boolean identityLinkFound = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkFound"));
+			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));
 			
-			if (!identityLinkFound && useMandate) {
+			if (!identityLinkAvailable && useMandate) {
 				Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
 				throw new AuthenticationException("auth.13", null);
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
index 70afd477d..01628dcf6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
@@ -54,7 +54,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * </li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
index 602ad527b..8e52e3827 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
@@ -59,7 +59,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>Redirect to {@code /dispatcher}.</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
index 40e33ae43..626d33917 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
@@ -55,7 +55,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>Redirect to {@code /dispatcher}.</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
index 30777198c..8b45f1c66 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
@@ -38,7 +38,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
index 2bc0bb8ad..97f3a21cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
@@ -70,7 +70,6 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
  * </li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
index ddea4c414..7e76819ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
@@ -50,7 +50,6 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>{@code CreateXMLSignatureRequest} send as HttpServletResponse (for CCE).</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
index 5b21cd29c..9711b4bc4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
@@ -31,7 +31,7 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@link MOAIDAuthConstants#PARAM_XMLRESPONSE}.</li>
  * <li>Verifies the identity link.</li>
  * <li>Updates moa session.</li>
- * <li>Puts boolean flag {@code identityLinkFound} into {@code ExecutionContext}.</li>
+ * <li>Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
  * </ul>
  * Expects:
  * <ul>
@@ -41,10 +41,9 @@ import com.datentechnik.process_engine.api.ExecutionContext;
  * Result:
  * <ul>
  * <li>Identity link put into moa session.</li>
- * <li>Boolean flag {@code identityLinkFound} into {@code ExecutionContext}.</li>
+ * <li>Boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @author tknall
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
  *
  */
@@ -81,10 +80,10 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 
 			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
 
-			boolean identityLinkFound = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
 			AuthenticationSessionStoreage.storeSession(session);
 
-			executionContext.put("identityLinkFound", identityLinkFound);
+			executionContext.put("identityLinkAvailable", identityLinkAvailable);
 
 		} catch (ParseException ex) {
 			handleError(null, ex, req, resp, pendingRequestID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
new file mode 100644
index 000000000..eff7fe43f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
@@ -0,0 +1,258 @@
+package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.activation.DataSource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
+
+	String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
+			TransformerConfigurationException, UtilsException, TransformerException,
+			TransformerFactoryConfigurationError, IOException, ApiUtilsException {
+		// fetch signed doc
+		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+		if (ds == null) {
+			throw new ApiUtilsException("No datasource found in response");
+		}
+
+		InputStream incoming = ds.getInputStream();
+		String citizenSignature = IOUtils.toString(incoming);
+		incoming.close();
+
+		return citizenSignature;
+	}
+
+	void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
+			String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
+		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+		Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+		Logger.debug("fetching OAParameters from database");
+
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+				moaSession.getPublicOAURLPrefix());
+		if (oaParam == null)
+			throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+		// retrieve target
+		// TODO: check in case of SSO!!!
+		String targetType = null;
+		if (oaParam.getBusinessService()) {
+			String id = oaParam.getIdentityLinkDomainIdentifier();
+			if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				targetType = id;
+			else
+				targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+		} else {
+			targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+		}
+
+		Logger.debug("Starting connecting SZR Gateway");
+		// contact SZR Gateway
+		IdentityLink identityLink = null;
+
+		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
+				targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+		Logger.debug("SZR communication was successfull");
+
+		if (identityLink == null) {
+			Logger.error("SZR Gateway did not return an identity link.");
+			throw new MOAIDException("stork.10", null);
+		}
+		Logger.info("Received Identity Link from SZR Gateway");
+		moaSession.setIdentityLink(identityLink);
+
+		Logger.debug("Adding addtional STORK attributes to MOA session");
+		moaSession.setStorkAttributes(personalAttributeList);
+
+		// We don't have BKUURL, setting from null to "Not applicable"
+		moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+		// free for single use
+		moaSession.setAuthenticatedUsed(false);
+
+		// stork did the authentication step
+		moaSession.setAuthenticated(true);
+
+		// TODO: found better solution, but QAA Level in response could be not supported yet
+		try {
+			if (authnContextClassRef == null)
+				authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+			moaSession.setQAALevel(authnContextClassRef);
+
+		} catch (Throwable e) {
+			Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+			moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+		}
+
+	}
+
+	X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
+			UnsupportedEncodingException {
+		JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+		SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+				IOUtils.toInputStream(citizenSignature))).getValue();
+
+		// extract certificate
+		for (Object current : root.getKeyInfo().getContent())
+			if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+				for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+						.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+					JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+					if (casted.getName().getLocalPart().equals("X509Certificate")) {
+						return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
+					}
+				}
+			}
+		return null;
+	}
+
+	VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
+			BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
+			SAXException, IOException, ParserConfigurationException, MOAException {
+		// Based on MOA demo client
+		// Factory und Service instanzieren
+		SPSSFactory spssFac = SPSSFactory.getInstance();
+		SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+
+		Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
+
+		// Position der zu prüfenden Signatur im Dokument angeben
+		// (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
+		// der damit bezeichnete Namenraum mitgegeben werden)
+		HashMap nSMap = new HashMap();
+		nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+		VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+		// Zu prüfendes Dokument und Signaturposition zusammenfassen
+
+		VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
+
+		// Prüfrequest zusammenstellen
+		VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
+																								// angegeben, wird
+																								// aktuelle Zeit
+																								// verwendet
+				sigInfo, null, // Keine Ergänzungsobjekte notwendig
+				null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
+				false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
+				"MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
+		// "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
+
+		VerifyXMLSignatureResponse verifyResponse = null;
+		try {
+			// Aufruf der Signaturprüfung
+			verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+		} catch (MOAException e) {
+			// Service liefert Fehler
+			System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
+			System.err.println("Fehlercode: " + e.getMessageId());
+			System.err.println("Fehlernachricht: " + e.getMessage());
+			throw e;
+		}
+
+		return verifyResponse;
+	}
+
+	at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+		at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
+		response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
+		response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
+		// response.setPublicAuthorityCode(publicAuthorityCode)
+		response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
+		response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
+		response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setSigningDateTime()
+		// response.setX509certificate(x509certificate)
+		response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
+		// response.setXmlDsigSubjectName(xmlDsigSubjectName)
+		return response;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
new file mode 100644
index 000000000..c32c9d791
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
+ * In detail:
+ * <ul>
+ * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
+ * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
+ * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
+ * <ul>
+ * <li>Creates and signs a SAML2 stork authentication request.</li>
+ * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
+ * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
+ * <li>Writes the form to the response output stream.</li>
+ * </ul>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@link MOAIDAuthConstants#PARAM_SESSIONID}</li>
+ * <li>Property {@code ccc} set within the moa session.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
+ * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
+ * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
+ * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
+ * </ul>
+ * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
+ * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
+
+	/**
+	 * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
+	 */
+	public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String sessionID = null;
+		try {
+			setNoCachingHeaders(resp);
+
+			sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
+			}
+			AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			if (StringUtils.isEmpty(moasession.getCcc())) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { sessionID });
+			}
+			STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+			if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+				throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
+			}
+
+			// STORK authentication
+			// cpeps cannot be null
+			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+
+			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
+			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
+			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
new file mode 100644
index 000000000..738988ff7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
@@ -0,0 +1,218 @@
+package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+/**
+ * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Changes moa session id.</li>
+ * <li>Decodes and validates the sign response, extracting the citizen's signature.</li>
+ * <li>Verifies the citizen's signature.</li>
+ * <li>Create {@code signedDoc} attribute.</li>
+ * <li>Retrieve identity link from SZR gateway using the citizen's signature.</li>
+ * <li>If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link.
+ * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the
+ * {@code /PepsConnectorWithLocalSigning} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID}</li>
+ * <li>HttpServletRequest parameter {@code signresponse}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (signed auth block, signer certificate etc.)</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID != null && signResponse != null) {
+			// redirect from oasis with signresponse
+			handleSignResponse(executionContext, request, response);
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSignResponse started");
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+		String pendingRequestID = null;
+		try {
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+			Logger.info("pendingRequestID:" + pendingRequestID);
+			String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
+			Logger.info("RECEIVED signresponse:" + signResponseString);
+			// create SignResponse object
+			Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+			SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+
+			// SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
+			// java.io.StringReader(Base64.signResponse)));
+
+			String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+			// memorize signature into authblock
+			moaSession.setAuthBlock(citizenSignature);
+
+			X509Certificate cert = getSignerCertificate(citizenSignature);
+			moaSession.setSignerCertificate(cert);
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
+			at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
+
+			moaSession.setXMLVerifySignatureResponse(tmp);
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+				// Add SignResponse TODO Add signature (extracted from signResponse)?
+				List<String> values = new ArrayList<String>();
+				values.add(signResponseString);
+				// values.add(citizenSignature);
+				Logger.debug("Assembling signedDoc attribute");
+				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
+				personalAttributeList.add(signedDocAttribute);
+
+				String authnContextClassRef = moaSession.getAuthnContextClassRef();
+				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
+				executionContext.put("identityLinkAvailable", true);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+			moaSession.setForeigner(true);
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
new file mode 100644
index 000000000..31bc28f5a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -0,0 +1,441 @@
+package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Validates the SAML response from C-PEPS.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates SAML response from C-PEPS.</li>
+ * <li>Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.</li>
+ * <li>Store saml response in moa session.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code signresponse} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa session (with saml response).</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";
+	// load from config below
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID == null && signResponse == null) {
+			// normal saml response
+			handleSAMLResponse(executionContext, request, response);
+
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSAMLResponse started");
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+		try {
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			Logger.trace("No Caching headers set for HTTP response");
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender");
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			
+			
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+				String signatureInfo = null;
+				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
+				if (signedDoc != null) {
+					signatureInfo = signedDoc.getValue().get(0);
+					// should not occur
+				} else {
+
+					// store SAMLResponse
+					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+					// store authnResponse
+
+					// moaSession.setAuthnResponse(authnResponse);//not serializable
+					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+
+					String authnContextClassRef = null;
+					try {
+						authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+								.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
+					} catch (Throwable e) {
+						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+					}
+
+					moaSession.setAuthnContextClassRef(authnContextClassRef);
+					moaSession.setReturnURL(request.getRequestURL());
+
+					// load signedDoc
+					String signRequest = moaSession.getSignedDoc();
+
+					// session is implicit stored in changeSessionID!!!!
+					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
+					// signRequest
+
+					String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+					String acsURL = issuerValue
+							+ PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+					String url = acsURL + "?moaSessionID=" + newMOASessionID;
+					// redirect to OASIS module and sign there
+
+					boolean found = false;
+					try {
+						List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
+								.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
+						Logger.info("Found AttributeProviderPlugins:" + aps.size());
+						for (AttributeProviderPlugin ap : aps) {
+							Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
+							if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
+								// FIXME: A servlet's class field is not thread safe!!!
+								oasisDssWebFormURL = ap.getUrl();
+								found = true;
+								Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL);
+								break;
+							}
+						}
+					} catch (Exception e) {
+						e.printStackTrace();
+						Logger.error("Loading the signedDoc attribute provider url from config failed");
+					}
+					if (!found) {
+						Logger.error("Failed to load the signedDoc attribute provider url from config");
+					}
+					performRedirect(url, request, response, signRequest);
+
+					return;
+				}
+				
+				// FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here?
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				X509Certificate cert = getSignerCertificate(citizenSignature);
+				moaSession.setSignerCertificate(cert);
+				moaSession.setForeigner(true);
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+
+			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
+			try {
+				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
+						.getAuthnContextClassRef(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.setContentType("text/html");
+			response.setStatus(302);
+			response.addHeader("Location", redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
+			throws MOAIDException {
+
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+			VelocityContext context = new VelocityContext();
+
+			Logger.debug("performRedirect, signrequest:" + signRequestString);
+			Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
+			SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
+			signRequest.setReturnURL("TODO");
+			signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
+			context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
+			context.put("clienturl", url);
+			context.put("action", oasisDssWebFormURL);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+		} catch (Exception e) {
+			Logger.error("Error sending DSS signrequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
new file mode 100644
index 000000000..0e4e2a0f7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
@@ -0,0 +1,567 @@
+package at.gv.egovernment.moa.id.auth.tasks.stork;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+
+import javax.activation.DataSource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.documentservice.DocumentService;
+import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.DocumentWithSignature;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+
+/**
+ * Evaluates the SAML response from the C-PEPS and authenticates the user.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates the SAML response from the C-PEPS.</li>
+ * <li>Change moa session id.</li>
+ * <li>Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.</li>
+ * <li>Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.</li>
+ * <li>Request SZR gateway for verification of the citizen's signature and for creating of an identity link.</li>
+ * <li>In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)</li>
+ * <li>HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form</li>
+ * <li>{@code signedDoc} attribute within the SAML response.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (identity link, stork attributes...)</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * <li>Redirect to {@code /dispatcher}.</li> 
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorTask extends AbstractAuthServletTask {
+
+	private String dtlUrl = null;
+
+	public PepsConnectorTask() {
+		super();
+		Properties props = new Properties();
+		try {
+			props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
+			dtlUrl = props.getProperty("docservice.url");
+		} catch (IOException e) {
+			dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
+			Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
+			e.printStackTrace();
+		}
+	}
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+
+		try {
+
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if
+																		// there is no representation case?
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
+
+				Logger.debug("signatureInfo:" + signatureInfo);
+
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				// fetch signed doc
+				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+				if (ds == null) {
+					throw new ApiUtilsException("No datasource found in response");
+				}
+
+				InputStream incoming = ds.getInputStream();
+				citizenSignature = IOUtils.toString(incoming);
+				incoming.close();
+
+				Logger.debug("citizenSignature:" + citizenSignature);
+				if (isDocumentServiceUsed(citizenSignature) == true) {
+					Logger.debug("Loading document from DocumentService.");
+					String url = getDtlUrlFromResponse(dssSignResponse);
+					// get Transferrequest
+					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+					// Load document from DocujmentService
+					byte[] data = getDocumentFromDtl(transferRequest, url);
+					citizenSignature = new String(data, "UTF-8");
+					Logger.debug("Overridung citizenSignature with:" + citizenSignature);
+				}
+
+				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+						IOUtils.toInputStream(citizenSignature))).getValue();
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				// extract certificate
+				for (Object current : root.getKeyInfo().getContent())
+					if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+						for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+								.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+							if (casted.getName().getLocalPart().equals("X509Certificate")) {
+								moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue())
+										.getBytes("UTF-8")));
+								break;
+							}
+						}
+					}
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+			Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+			Logger.debug("fetching OAParameters from database");
+
+			// //read configuration paramters of OA
+			// AuthenticationSession moasession;
+			// try {
+			// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+			// } catch (MOADatabaseException e2) {
+			// Logger.error("could not retrieve moa session");
+			// throw new AuthenticationException("auth.01", null);
+			// }
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+					moaSession.getPublicOAURLPrefix());
+			if (oaParam == null)
+				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+			// retrieve target
+			// TODO: check in case of SSO!!!
+			String targetType = null;
+			if (oaParam.getBusinessService()) {
+				String id = oaParam.getIdentityLinkDomainIdentifier();
+				if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+					targetType = id;
+				else
+					targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+			} else {
+				targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+			}
+
+			Logger.debug("Starting connecting SZR Gateway");
+			// contact SZR Gateway
+			IdentityLink identityLink = null;
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
+						oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			moaSession.setForeigner(true);
+
+			Logger.info("Received Identity Link from SZR Gateway");
+			executionContext.put("identityLinkAvailable", true);
+			moaSession.setIdentityLink(identityLink);
+
+			Logger.debug("Adding addtional STORK attributes to MOA session");
+			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+
+			// We don't have BKUURL, setting from null to "Not applicable"
+			moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+			// free for single use
+			moaSession.setAuthenticatedUsed(false);
+
+			// stork did the authentication step
+			moaSession.setAuthenticated(true);
+
+			// TODO: found better solution, but QAA Level in response could be not supported yet
+			try {
+
+				moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+						.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
+
+			} catch (Throwable e) {
+				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+			}
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			// response.setContentType("text/html");
+			// response.setStatus(302);
+			// response.addHeader("Location", redirectURL);
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check
+	{
+		if (citizenSignature
+				.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
+			return true;
+		return false;
+	}
+
+	/**
+	 * Get DTL uril from the oasis sign response
+	 * 
+	 * @param signRequest
+	 *            The signature response
+	 * @return The URL of DTL service
+	 * @throws SimpleException
+	 */
+	private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
+		List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
+				ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
+		DocumentType sourceDocument = documents.get(0).getDocument();
+
+		if (sourceDocument.getDocumentURL() != null)
+			return sourceDocument.getDocumentURL();
+		else
+			return null;// throw new Exception("No document url found");
+	}
+
+	// From DTLPEPSUTIL
+
+	/**
+	 * Get document from DTL
+	 * 
+	 * @param transferRequest
+	 *            The transfer request (attribute query)
+	 * @param eDtlUrl
+	 *            The DTL url of external DTL
+	 * @return the document data
+	 * @throws SimpleException
+	 */
+	private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception {
+		URL url = null;
+		try {
+			url = new URL(dtlUrl);
+			QName qname = new QName("http://stork.eu", "DocumentService");
+
+			Service service = Service.create(url, qname);
+			DocumentService docservice = service.getPort(DocumentService.class);
+
+			BindingProvider bp = (BindingProvider) docservice;
+			SOAPBinding binding = (SOAPBinding) bp.getBinding();
+			binding.setMTOMEnabled(true);
+
+			if (eDtlUrl.equalsIgnoreCase(dtlUrl))
+				return docservice.getDocument(transferRequest, "");
+			else
+				return docservice.getDocument(transferRequest, eDtlUrl);
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw new Exception("Error in getDocumentFromDtl", e);
+		}
+	}
+
+	/**
+	 * Get a document transfer request (attribute query)
+	 * 
+	 * @param docId
+	 * @return
+	 * @throws SimpleException
+	 */
+	private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
+		String spCountry = docId.substring(0, docId.indexOf("/"));
+		final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+		STORKAttrQueryRequest req = new STORKAttrQueryRequest();
+		req.setAssertionConsumerServiceURL(dtlUrl);
+		req.setDestination(destinationUrl);
+		req.setSpCountry(spCountry);
+		req.setQaa(3);// TODO
+		PersonalAttributeList pal = new PersonalAttributeList();
+		PersonalAttribute attr = new PersonalAttribute();
+		attr.setName("docRequest");
+		attr.setIsRequired(true);
+		attr.setValue(Arrays.asList(docId));
+		pal.add(attr);
+		req.setPersonalAttributeList(pal);
+
+		STORKAttrQueryRequest req1;
+		try {
+			req1 = engine.generateSTORKAttrQueryRequest(req);
+			return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
+		} catch (STORKSAMLEngineException e) {
+			e.printStackTrace();
+			throw new Exception("Error in doc request attribute query generation", e);
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index 48c9ee56c..b7d0d0f8b 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -2,7 +2,7 @@
 <pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
 
 <!--
-	- National authentication with Austrian Citizen Card and mobile signature.
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
 	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
 -->
 	<pd:Task id="createIdentityLinkForm"    class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
@@ -21,7 +21,7 @@
 	
 	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
 	
-	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkFound'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
 	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
 	
 	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml
new file mode 100644
index 000000000..592603457
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--
+	- STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.tasks.stork.CreateStorkAuthRequestFormTask" />
+	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorTask"                               async="true" />
+	<pd:Task id="pepsConnectorWithoutSignature"   class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
+	<pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleLocalSignResponseTask"        async="true" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start" to="createStorkAuthRequestForm" />
+	
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
+	
+	<pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnector" to="end" />
+	
+	<pd:Transition from="pepsConnectorWithoutSignature"   to="pepsConnectorWithLocalSignature" />
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 232f53559..8807d4ce0 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -229,6 +229,9 @@ stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
 stork.19=Das erforderliche Attribut ist f\u00FCr naturliche Personen nicht vorhanden\: {0}
 stork.20=Fehler bei der Datenkonversion - eingegebens Datum fehlerhaft
 stork.21=Der angeforderte QAA-level {0} ist h\u00F6her als der QAA-level der Authentifizierung {1}
+stork.22=Der STORK Authentifizierung erfordert die Auswahl des Herkunftslandes der Betroffenen.
+stork.23=Die STORK Authentifizierung f\u00FCr "{0}" wird nicht unterst\u00FCtzt.
+stork.24=Die STORK Authentifizierungsantwort enth\uFFFDlt leere Angaben zum Geschlecht.
 
 pvp2.00={0} ist kein gueltiger consumer service index
 pvp2.01=Fehler beim kodieren der PVP2 Antwort
-- 
cgit v1.2.3


From a3002d5966703675e982f5699b7a829d2dc22d84 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 29 Jan 2015 13:47:36 +0100
Subject: Integrate processes with module discovery.

- Fix AuthModuleImpl process resource uri.
- Create package at.gv.egovernment.moa.id.auth.modules with submodule "internal" and "stork".
- Rename AuthModuleImpl to DefaultAuthModuleImpl (placed in at.gv.egovernment.moa.id.auth.modules.internal).
- Move stork specific tasks to "...stork.tasks" and internal modules to "...internal.tasks".
- Fix bean classes in applicationContext.xml
- Move process descriptions to at.gv.egovernment.moa.id.auth.modules.[internal|stork].
- Add STORKAuthModuleImpl.
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |   5 +-
 .../modules/internal/DefaultAuthModuleImpl.java    |  27 +
 .../internal/tasks/AbstractAuthServletTask.java    | 379 ++++++++++++++
 .../internal/tasks/CertificateReadRequestTask.java | 101 ++++
 .../internal/tasks/CreateIdentityLinkFormTask.java | 120 +++++
 .../modules/internal/tasks/GetForeignIDTask.java   | 182 +++++++
 .../internal/tasks/GetMISSessionIDTask.java        | 181 +++++++
 .../tasks/PrepareAuthBlockSignatureTask.java       | 102 ++++
 .../tasks/VerifyAuthenticationBlockTask.java       | 246 +++++++++
 .../internal/tasks/VerifyCertificateTask.java      | 164 ++++++
 .../internal/tasks/VerifyIdentityLinkTask.java     | 103 ++++
 .../id/auth/modules/stork/STORKAuthModuleImpl.java |  27 +
 .../AbstractPepsConnectorWithLocalSigningTask.java | 257 ++++++++++
 .../tasks/CreateStorkAuthRequestFormTask.java      | 114 +++++
 .../PepsConnectorHandleLocalSignResponseTask.java  | 218 ++++++++
 ...onnectorHandleResponseWithoutSignatureTask.java | 441 ++++++++++++++++
 .../modules/stork/tasks/PepsConnectorTask.java     | 567 +++++++++++++++++++++
 .../moa/id/auth/servlet/GetForeignIDServlet.java   |   2 +-
 .../id/auth/servlet/GetMISSessionIDServlet.java    |   2 +-
 .../moa/id/auth/servlet/PEPSConnectorServlet.java  |   2 +-
 .../PEPSConnectorWithLocalSigningServlet.java      |   2 +-
 .../servlet/VerifyAuthenticationBlockServlet.java  |   2 +-
 .../id/auth/servlet/VerifyCertificateServlet.java  |   2 +-
 .../id/auth/servlet/VerifyIdentityLinkServlet.java |   2 +-
 .../moa/id/auth/tasks/AbstractAuthServletTask.java | 379 --------------
 .../id/auth/tasks/CertificateReadRequestTask.java  | 101 ----
 .../id/auth/tasks/CreateIdentityLinkFormTask.java  | 120 -----
 .../moa/id/auth/tasks/GetForeignIDTask.java        | 182 -------
 .../moa/id/auth/tasks/GetMISSessionIDTask.java     | 181 -------
 .../auth/tasks/PrepareAuthBlockSignatureTask.java  | 102 ----
 .../auth/tasks/VerifyAuthenticationBlockTask.java  | 246 ---------
 .../moa/id/auth/tasks/VerifyCertificateTask.java   | 164 ------
 .../moa/id/auth/tasks/VerifyIdentityLinkTask.java  | 103 ----
 .../AbstractPepsConnectorWithLocalSigningTask.java | 258 ----------
 .../stork/CreateStorkAuthRequestFormTask.java      | 114 -----
 .../PepsConnectorHandleLocalSignResponseTask.java  | 218 --------
 ...onnectorHandleResponseWithoutSignatureTask.java | 441 ----------------
 .../moa/id/auth/tasks/stork/PepsConnectorTask.java | 567 ---------------------
 .../moduls/moduleregistration/AuthModuleImpl.java  |  23 -
 .../moduleregistration/ModuleRegistration.java     |  29 +-
 ...ent.moa.id.moduls.moduleregistration.AuthModule |   3 +
 ...ment.moa.id.moduls.modulregistration.AuthModule |   2 -
 .../internal/DefaultAuthentication.process.xml     |  44 ++
 .../modules/stork/STORKAuthentication.process.xml  |  29 ++
 .../processes/DefaultAuthentication.process.xml    |  44 --
 .../processes/STORKAuthentication.process.xml      |  29 --
 46 files changed, 3331 insertions(+), 3296 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
 create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
 create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
 delete mode 100644 id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 563fd6ec7..65a9e7176 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -11,7 +11,10 @@
 
 	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
+		<!--
 			<bean class="com.datentechnik.process_engine.springweb.SpringWebExpressionEvaluator" />
+		-->
+			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
 		<property name="processDefinitions">
@@ -27,5 +30,5 @@
 	</task:scheduled-tasks>
 	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
-	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.modulregistration.ModuleRegistration" factory-method="getInstance" />
+	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
 </beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
new file mode 100644
index 000000000..99c28fd7f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.auth.modules.internal;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+public class DefaultAuthModuleImpl implements AuthModule {
+
+	@Override
+	public int getPriority() {
+		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
+		return 0;
+	}
+
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		return StringUtils.isBlank((String) context.get("ccc")) ? "DefaultAuthentication" : null;
+	}
+
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
new file mode 100644
index 000000000..8a6c58953
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
@@ -0,0 +1,379 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang3.ArrayUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
+
+/**
+ * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
+ * etc.).</p> The code has been taken from {@link AuthServlet}.
+ */
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
+
+	protected static final String ERROR_CODE_PARAM = "errorid";
+
+	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+		
+		
+		StatisticLogger logger = StatisticLogger.getInstance();
+		logger.logErrorOperation(exceptionThrown);
+		
+		
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+
+			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+	
+	/**
+	 * Handles an error. <br>>
+	 * <ul>
+	 * <li>Logs the error</li>
+	 * <li>Places error message and exception thrown into the request as request
+	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+	 * <li>Sets HTTP status 500 (internal server error)</li>
+	 * </ul>
+	 * 
+	 * @param errorMessage
+	 *            error message
+	 * @param exceptionThrown
+	 *            exception thrown
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleError(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+
+		if (!(exceptionThrown instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+			
+		}
+		
+		IExceptionStore store = DBExceptionStoreImpl.getStore();
+		String id = store.storeException(exceptionThrown);
+
+		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+		
+			String redirectURL = null;
+
+			redirectURL = ServletUtils.getBaseUrl(req);
+			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+		
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+	
+			resp.addHeader("Location", redirectURL);		
+			Logger.debug("REDIRECT TO: " + redirectURL);	
+		
+			return;
+			
+		} else {
+			
+			//Exception can not be stored in database
+			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+		}
+	}
+
+	/**
+	 * Handles a <code>WrongParametersException</code>.
+	 * 
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleWrongParameters(WrongParametersException ex,
+			HttpServletRequest req, HttpServletResponse resp) {
+		Logger.error(ex.toString());
+		req.setAttribute("WrongParameters", ex.getMessage());
+
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+			setNoCachingHeaders(resp);
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+
+	/**
+	 * Logs all servlet parameters for debugging purposes.
+	 */
+	protected void logParameters(HttpServletRequest req) {
+		for (Enumeration params = req.getParameterNames(); params
+				.hasMoreElements();) {
+			String parname = (String) params.nextElement();
+			Logger.debug("Parameter " + parname + req.getParameter(parname));
+		}
+	}
+
+	/**
+	 * Parses the request input stream for parameters, assuming parameters are
+	 * encoded UTF-8 (no standard exists how browsers should encode them).
+	 * 
+	 * @param req
+	 *            servlet request
+	 * 
+	 * @return mapping parameter name -> value
+	 * 
+	 * @throws IOException
+	 *             if parsing request parameters fails.
+	 * 
+	 * @throws FileUploadException
+	 *             if parsing request parameters fails.
+	 */
+	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
+			FileUploadException {
+
+		Map<String, String> parameters = new HashMap<String, String>();
+
+		if (ServletFileUpload.isMultipartContent(req)) {
+			// request is encoded as mulitpart/form-data
+			FileItemFactory factory = new DiskFileItemFactory();
+			ServletFileUpload upload = null;
+			upload = new ServletFileUpload(factory);
+			List items = null;
+			items = upload.parseRequest(req);
+			for (int i = 0; i < items.size(); i++) {
+				FileItem item = (FileItem) items.get(i);
+				if (item.isFormField()) {
+					// Process only form fields - no file upload items
+					String logString = item.getString("UTF-8");
+
+					// TODO use RegExp
+					String startS = "<pr:Identification><pr:Value>";
+					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+					String logWithMaskedBaseid = logString;
+					int start = logString.indexOf(startS);
+					if (start > -1) {
+						int end = logString.indexOf(endS);
+						if (end > -1) {
+							logWithMaskedBaseid = logString.substring(0, start);
+							logWithMaskedBaseid += startS;
+							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+							logWithMaskedBaseid += logString.substring(end,
+									logString.length());
+						}
+					}
+					parameters
+							.put(item.getFieldName(), item.getString("UTF-8"));
+					Logger.debug("Processed multipart/form-data request parameter: \nName: "
+							+ item.getFieldName()
+							+ "\nValue: "
+							+ logWithMaskedBaseid);
+				}
+			}
+		}
+
+		else {
+			// request is encoded as application/x-www-urlencoded
+			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
+			
+			/*
+			InputStream in = req.getInputStream();
+
+			String paramName;
+			String paramValueURLEncoded;
+			do {
+				paramName = new String(readBytesUpTo(in, '='));
+				if (paramName.length() > 0) {
+					paramValueURLEncoded = readBytesUpTo(in, '&');
+					String paramValue = URLDecoder.decode(paramValueURLEncoded,
+							"UTF-8");
+					parameters.put(paramName, paramValue);
+				}
+			} while (paramName.length() > 0);
+			in.close();
+			*/
+			
+			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
+			while (requestParamIt.hasNext()) {
+				Entry<String, String[]> entry = requestParamIt.next();
+				String key = entry.getKey();
+				String[] values = entry.getValue();
+				// take the last value from the value array since the legacy code above also does it this way
+				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
+			}
+			
+		}
+
+		return parameters;
+	}
+
+	/**
+	 * Reads bytes up to a delimiter, consuming the delimiter.
+	 * 
+	 * @param in
+	 *            input stream
+	 * @param delimiter
+	 *            delimiter character
+	 * @return String constructed from the read bytes
+	 * @throws IOException
+	 */
+	protected String readBytesUpTo(InputStream in, char delimiter)
+			throws IOException {
+		ByteArrayOutputStream bout = new ByteArrayOutputStream();
+		boolean done = false;
+		int b;
+		while (!done && (b = in.read()) >= 0) {
+			if (b == delimiter)
+				done = true;
+			else
+				bout.write(b);
+		}
+		return bout.toString();
+	}
+
+	/**
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
+	 * 
+	 * @param resp
+	 *            The HttpServletResponse.
+	 */
+	public void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+	}
+
+	/**
+	 * Adds a parameter to a URL.
+	 * 
+	 * @param url
+	 *            the URL
+	 * @param paramname
+	 *            parameter name
+	 * @param paramvalue
+	 *            parameter value
+	 * @return the URL with parameter added
+	 */
+	protected static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
+
+	/**
+	 * Checks if HTTP requests are allowed
+	 * 
+	 * @param authURL
+	 *            requestURL
+	 * @throws AuthenticationException
+	 *             if HTTP requests are not allowed
+	 * @throws ConfigurationException
+	 */
+	protected void checkIfHTTPisAllowed(String authURL)
+			throws AuthenticationException, ConfigurationException {
+		// check if HTTP Connection may be allowed (through
+		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+		
+		//Removed from MOA-ID 2.0 config
+//		String boolStr = AuthConfigurationProvider
+//				.getInstance()
+//				.getGenericConfigurationParameter(
+//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		if ((!authURL.startsWith("https:"))
+				//&& (false == BoolUtils.valueOf(boolStr))
+				)
+			throw new AuthenticationException("auth.07", new Object[] { authURL
+					+ "*" });
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
new file mode 100644
index 000000000..4af07950b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -0,0 +1,101 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.</li>
+ * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code /VerifyCertificate}</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class CertificateReadRequestTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
+		Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
+
+		setNoCachingHeaders(resp);
+
+		String pendingRequestID = null;
+		
+		try {
+		
+			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
+			}
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			boolean useMandate = session.getUseMandate();
+			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));
+			
+			if (!identityLinkAvailable && useMandate) {
+				Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
+				throw new AuthenticationException("auth.13", null);
+			}
+
+			// change MOASessionID
+			AuthenticationSessionStoreage.changeSessionID(session);
+			
+			// create the InfoboxReadRequest to get the certificate
+			String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
+
+			// build dataurl (to the VerifyCertificateSerlvet)
+			String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
+					session.getSessionID());
+
+			ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest,
+					AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
+		
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+		} finally {
+			ConfigurationDBUtils.closeSession();
+		}		
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
new file mode 100644
index 000000000..d88042528
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -0,0 +1,120 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.ObjectUtils;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates a http form including an embedded {@code InfoBoxReadRequest} for reading the identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
+ * <li>Creates the http form mentioned above.</li>
+ * <li>Returns the http form via HttpServletResponse.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
+ * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>The identity link form via HttpServletResponse.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of STORK authentication
+ * <ul>
+ * <li>Creates STORK auth SAML request.</li>
+ * <li>Creates and returns a form for submitting the SAML request to the CPEPS (post binding).</li>
+ * <li>Returns the form via HttpServletResponse.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
+		AuthenticationSession moasession = null;
+		try {
+			
+			if (MiscUtil.isEmpty(moasessionid)) {
+				Logger.warn("MOASessionID is empty.");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+			
+			try {
+			
+				pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
+				AuthenticationSessionStoreage.changeSessionID(moasession);
+				executionContext.remove(PARAM_SESSIONID);
+			
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] { moasessionid });
+
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+
+			StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
+			String getIdentityLinkForm = startauth.build(moasession, req, resp);
+
+			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
+				resp.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(resp.getOutputStream());
+				out.print(getIdentityLinkForm);
+				out.flush();
+				Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class);
+			}
+			
+		} catch (WrongParametersException ex) {
+			handleWrongParameters(ex, req, resp);
+		}
+
+		catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
+
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
new file mode 100644
index 000000000..a661abc95
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Extracts signature and signer certificate.</li>
+ * <li>Send request to SZR Gateway in order to get an identity link.</li>
+ * <li>Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Identity link, QAA level 4 and foreigner flag put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class GetForeignIDTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		Logger.debug("POST GetForeignIDServlet");
+
+		setNoCachingHeaders(resp);
+
+		Map<String, String> parameters;
+
+		try {
+			parameters = getParameters(req);
+		} catch (FileUploadException e) {
+			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+			throw new IOException(e.getMessage());
+		}
+		
+		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+		String pendingRequestID = null;
+		String redirectURL = null;
+		AuthenticationSession session = null;
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
+			}
+			String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
+			if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
+				throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
+			}
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+			Logger.debug(xmlCreateXMLSignatureResponse);
+
+			CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
+					.parseResponseDsig();
+
+			try {
+				String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
+				session.setAuthBlock(serializedAssertion);
+
+			} catch (TransformerException e) {
+				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+
+			} catch (IOException e) {
+				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+
+			}
+
+			Element signature = csresp.getDsigSignature();
+
+			try {
+				session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+			} catch (CertificateException e) {
+				Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
+				throw new MOAIDException("auth.14", null);
+			}
+
+			// make SZR request to the identity link
+			CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
+
+			if (null != response.getErrorResponse()) {
+				// TODO fix exception parameter
+				throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(),
+						(String) response.getErrorResponse().getInfo());
+			} else {
+				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
+						response.getIdentityLink()));
+				IdentityLink identitylink = ilParser.parseIdentityLink();
+				session.setIdentityLink(identitylink);
+
+				// set QAA Level four in case of card authentifcation
+				session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
+				AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+
+				// session is implicit stored in changeSessionID!!!!
+				String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+				Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+				Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+				redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+						ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID),
+						newMOASessionID);
+				redirectURL = resp.encodeRedirectURL(redirectURL);
+
+				// TODO[branch]: Final step back to /dispatcher
+
+				try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("Session store error", null);
+				}
+
+				resp.setContentType("text/html");
+				resp.setStatus(302);
+				resp.addHeader("Location", redirectURL);
+				Logger.debug("REDIRECT TO: " + redirectURL);
+			}
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("GetForeignIDServlet has an interal Error.", e);
+
+		}
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
new file mode 100644
index 000000000..6e4d77b17
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -0,0 +1,181 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.pki.PKIException;
+
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Retrieves a mandate from the online mandate issuing service.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the mandate referenced within the moa session from the online (external) mandate issuing service.</li>
+ * <li>Verifies the mandate.</li>
+ * <li>Puts mandate into moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Mandate put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class GetMISSessionIDTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		
+		Logger.debug("POST GetMISSessionIDServlet");
+
+		String sessionID = req.getParameter(PARAM_SESSIONID);
+
+		// escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+
+		AuthenticationSession session = null;
+		String pendingRequestID = null;
+		try {
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID))
+				throw new WrongParametersException("VerifyCertificate",
+						PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+			
+			session = AuthenticationServer.getSession(sessionID);
+
+			//change MOASessionID
+		    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			String misSessionID = session.getMISSessionID();
+
+			AuthConfigurationProvider authConf = AuthConfigurationProvider
+					.getInstance();
+			ConnectionParameter connectionParameters = authConf
+					.getOnlineMandatesConnectionParameter();
+			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
+					AuthConfigurationProvider.getInstance(),
+					connectionParameters);
+
+			List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
+					connectionParameters.getUrl(), misSessionID, sslFactory);
+
+			if (list == null || list.size() == 0) {
+				Logger.error("Keine Vollmacht gefunden.");
+				throw new AuthenticationException("auth.15", null);
+			}
+
+			// for now: list contains only one element
+			MISMandate mandate = (MISMandate) list.get(0);
+
+			// TODO[tlenz]: UTF-8 ?
+			String sMandate = new String(mandate.getMandate());
+			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
+				Logger.error("Mandate is empty.");
+				throw new AuthenticationException("auth.15",
+						new Object[] { GET_MIS_SESSIONID });
+			}
+						
+			//check if it is a parsable XML
+			byte[] byteMandate = mandate.getMandate();
+			// TODO[tlenz]: UTF-8 ?
+			String stringMandate = new String(byteMandate);
+			DOMUtils.parseDocument(stringMandate, false,
+					null, null).getDocumentElement();
+			
+			// extract RepresentationType
+			AuthenticationServer.getInstance().verifyMandate(session, mandate);
+			
+			session.setMISMandate(mandate);
+			session.setAuthenticatedUsed(false);
+			session.setAuthenticated(true);
+			
+	    	//set QAA Level four in case of card authentifcation
+	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+			
+			String oldsessionID = session.getSessionID();
+			
+			//Session is implicite stored in changeSessionID!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			
+			Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+			Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+						
+			String redirectURL = new DataURLBuilder().buildDataURL(
+					session.getAuthURL(),
+					ModulUtils.buildAuthURL(session.getModul(),
+							session.getAction(), pendingRequestID), newMOASessionID);
+			redirectURL = resp.encodeRedirectURL(redirectURL);
+			
+			// TODO[branch]: Final step back to /dispatcher
+			
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+			resp.addHeader("Location", redirectURL);
+			Logger.debug("REDIRECT TO: " + redirectURL);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (GeneralSecurityException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+			
+		} catch (PKIException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (SAXException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+		} catch (ParserConfigurationException e) {
+			handleError(null, e, req, resp, pendingRequestID);
+			
+	    } catch (Exception e) {
+	    	Logger.error("MISMandateValidation has an interal Error.", e);
+	       
+	    }
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
new file mode 100644
index 000000000..d7a95bfcc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -0,0 +1,102 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Creates {@code CreateXMLSignatureRequest} for auth block signature.</li>
+ * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
+
+		Logger.debug("Process IdentityLink");
+
+		setNoCachingHeaders(resp);
+		
+		String pendingRequestID = null;
+
+		try {
+			
+			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+			}
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			// change MOASessionID
+			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+				
+			Logger.info("Normal");
+
+			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+					session.getPublicOAURLPrefix());
+			AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+			String createXMLSignatureRequest = AuthenticationServer.getInstance()
+					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
+
+			AuthenticationSessionStoreage.storeSession(session);
+			
+			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
+					createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
+					"VerifyIdentityLink");
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("IdentityLinkValidation has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
new file mode 100644
index 000000000..8c59c39ba
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -0,0 +1,246 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+/**
+ * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Authentication data put into moa session.</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case of mandate mode
+ * <ul>
+ * <li>Creates a mandate session at the external mandate issuing service.</li>
+ * <li>Redirects the user's browser to the online mandate issuing service GUI.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
+		
+		Logger.debug("POST VerifyAuthenticationBlock");
+		
+		String pendingRequestID = null;		
+		
+	    Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	      
+	    }
+			String sessionID = req.getParameter(PARAM_SESSIONID);
+			String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+			// escape parameter strings
+			sessionID = StringEscapeUtils.escapeHtml(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		   		
+			String redirectURL = null;
+			try {
+	         // check parameter
+	         if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+	         if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
+	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
+
+				AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+				//change MOASessionID
+			    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+				
+				String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
+				
+				if (authenticatedMOASessionId == null) { 
+					//mandate Mode
+				
+					  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
+						ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
+						SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
+						
+						// get identitity link as byte[]
+						Element elem = session.getIdentityLink().getSamlAssertion();
+						String s = DOMUtils.serializeNode(elem);
+						
+						//System.out.println("IDL: " + s);
+						
+						byte[] idl = s.getBytes("UTF-8");
+						
+						// redirect url
+						// build redirect(to the GetMISSessionIdSerlvet)
+						
+						//change MOASessionID before MIS request
+						String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+						
+				        redirectURL =
+				              new DataURLBuilder().buildDataURL(
+				                session.getAuthURL(),
+				                GET_MIS_SESSIONID,
+				                newMOASessionID);
+						
+				        String oaURL = session.getOAURLRequested();
+				        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
+				        List<String> profiles = oaParam.getMandateProfiles();
+
+				        if (profiles == null) {
+				      	  Logger.error("No Mandate/Profile for OA configured.");
+				      	  throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
+				        }
+				        
+				        String oaFriendlyName = oaParam.getFriendlyName();
+				        String mandateReferenceValue = session.getMandateReferenceValue();
+				        byte[] cert = session.getEncodedSignerCertificate();
+				        byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
+				        
+				        //TODO: check in case of SSO!!!
+				        String targetType = null;  
+				        if(oaParam.getBusinessService()) {
+				        	String id = oaParam.getIdentityLinkDomainIdentifier();
+				        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				        		targetType = id;
+				        	else
+				        		targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
+				        	
+				        } else {
+				        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+				        }
+				        
+				        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
+				        		connectionParameters.getUrl(), 
+				        		idl, 
+				        		cert, 
+				        		oaFriendlyName, 
+				        		redirectURL, 
+				        		mandateReferenceValue, 
+				        		profiles, 
+				        		targetType,
+				        		authBlock,
+				        		sslFactory);
+				        
+				        if (misSessionID == null) {
+				      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
+				      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+				        }
+				        
+				        String redirectMISGUI = misSessionID.getRedirectURL();
+				        session.setMISSessionID(misSessionID.getSessiondId());
+					
+						try {
+							AuthenticationSessionStoreage.storeSession(session);
+						} catch (MOADatabaseException e) {
+							throw new MOAIDException("Session store error", null);
+						}
+				        
+						// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
+						
+				        resp.setStatus(302);
+				    	  resp.addHeader("Location", redirectMISGUI);
+				    	  Logger.debug("REDIRECT TO: " + redirectURL);
+				}
+				else {
+					// TODO[branch]: Final step back to /dispatcher
+					redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
+							ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), authenticatedMOASessionId);
+							
+					resp.setContentType("text/html");
+					resp.setStatus(302);
+				
+					resp.addHeader("Location", redirectURL);		
+					Logger.debug("REDIRECT TO: " + redirectURL);				
+					
+				}
+				
+			}
+	    
+			catch (MOAIDException ex) {
+				handleError(null, ex, req, resp, pendingRequestID);
+				
+			} catch (GeneralSecurityException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (PKIException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+			} catch (TransformerException e) {
+				handleError(null, e, req, resp, pendingRequestID);
+				
+		    } catch (Exception e) {
+		    	Logger.error("AuthBlockValidation has an interal Error.", e);
+		    }
+		       
+			
+		    finally {
+		    	ConfigurationDBUtils.closeSession();
+		    }		
+		
+		
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
new file mode 100644
index 000000000..7f9fed37a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -0,0 +1,164 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.util.CertificateUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the certificate.</li>
+ * <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
+ * <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
+ * <li>Updates moa session.</li>
+ * <li>Responds with {@code CreateXMLSignatureRequest}.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>{@code CreateXMLSignatureRequest} send as HttpServletResponse (for CCE).</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class VerifyCertificateTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
+
+		Logger.debug("POST VerifyCertificateServlet");
+		
+		String pendingRequestID = null;
+		
+		Map<String, String> parameters;
+	    try 
+	    {
+	      parameters = getParameters(req);
+	    } catch (FileUploadException e) 
+	    {
+	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+	      throw new IOException(e.getMessage());
+	     	}
+	    String sessionID = req.getParameter(PARAM_SESSIONID);
+	    
+	    // escape parameter strings
+		sessionID = StringEscapeUtils.escapeHtml(sessionID);
+		
+		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+		
+	    AuthenticationSession session = null;
+	    try {
+	       // check parameter
+	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
+	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
+	       
+	    	session = AuthenticationServer.getSession(sessionID);
+	    	
+	        //change MOASessionID
+	        sessionID = AuthenticationSessionStoreage.changeSessionID(session);
+	    	
+    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
+    		if (cert == null) {
+    			Logger.error("Certificate could not be read.");
+    			throw new AuthenticationException("auth.14", null);    		
+    		}
+    		
+	    	boolean useMandate = session.getUseMandate();
+	    	
+	    	if (useMandate) {
+
+	    		// verify certificate for OrganWalter
+	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+	    		
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+	    		
+		    	// TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
+		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
+	    		
+	    	}
+	    	else {
+	    			
+		    	
+	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
+	    		if (countrycode != null) {
+	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
+	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
+	    				throw new AuthenticationException("auth.22", null);
+	    			}
+	    		}
+	    		
+	    		// Foreign Identities Modus	
+		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
+		      // build dataurl (to the GetForeignIDSerlvet)
+		    	String dataurl =
+	             new DataURLBuilder().buildDataURL(
+	               session.getAuthURL(),
+	               REQ_GET_FOREIGN_ID,
+	               session.getSessionID());
+	       
+		    	try {
+					AuthenticationSessionStoreage.storeSession(session);
+				} catch (MOADatabaseException e) {
+					throw new MOAIDException("session store error", null);
+				}
+		    	
+	    		// TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
+		    	ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
+		    	
+		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
+	    	}	    		    	 
+	    }
+	    catch (MOAIDException ex) {
+	      handleError(null, ex, req, resp, pendingRequestID);
+	      
+	    } catch (Exception e) {
+	    	Logger.error("CertificateValidation has an interal Error.", e);
+	    }
+	       
+	    
+	    finally {
+	    	ConfigurationDBUtils.closeSession();
+	    }
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
new file mode 100644
index 000000000..c880570b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -0,0 +1,103 @@
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Verifies the identity link.<p/>
+ * In detail:
+ * <ul>
+ * <li>Renames the moa session id.</li>
+ * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
+ * <li>Verifies the identity link.</li>
+ * <li>Updates moa session.</li>
+ * <li>Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Identity link put into moa session.</li>
+ * <li>Boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ *
+ */
+public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
+
+		Logger.debug("POST VerifyIdentityLink");
+
+		setNoCachingHeaders(resp);
+		
+		Map<String, String> parameters;
+		String pendingRequestID = null;
+
+		try {
+			parameters = getParameters(req);
+		} catch (Exception e) {
+			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+			throw new IOException(e.getMessage());
+		}
+		
+		try {
+			
+			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
+			}
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
+			AuthenticationSessionStoreage.storeSession(session);
+
+			executionContext.put("identityLinkAvailable", identityLinkAvailable);
+
+		} catch (ParseException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("IdentityLinkValidation has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
new file mode 100644
index 000000000..140334b36
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
@@ -0,0 +1,27 @@
+package at.gv.egovernment.moa.id.auth.modules.stork;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
+
+public class STORKAuthModuleImpl implements AuthModule {
+
+	@Override
+	public int getPriority() {
+		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
+		return 0;
+	}
+
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		return StringUtils.isNotBlank((String) context.get("ccc")) ? "STORKAuthentication" : null;
+	}
+
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
new file mode 100644
index 000000000..9ffcaaa1e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
@@ -0,0 +1,257 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.activation.DataSource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
+
+	String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
+			TransformerConfigurationException, UtilsException, TransformerException,
+			TransformerFactoryConfigurationError, IOException, ApiUtilsException {
+		// fetch signed doc
+		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+		if (ds == null) {
+			throw new ApiUtilsException("No datasource found in response");
+		}
+
+		InputStream incoming = ds.getInputStream();
+		String citizenSignature = IOUtils.toString(incoming);
+		incoming.close();
+
+		return citizenSignature;
+	}
+
+	void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
+			String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
+		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+		Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+		Logger.debug("fetching OAParameters from database");
+
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+				moaSession.getPublicOAURLPrefix());
+		if (oaParam == null)
+			throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+		// retrieve target
+		// TODO: check in case of SSO!!!
+		String targetType = null;
+		if (oaParam.getBusinessService()) {
+			String id = oaParam.getIdentityLinkDomainIdentifier();
+			if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				targetType = id;
+			else
+				targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+		} else {
+			targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+		}
+
+		Logger.debug("Starting connecting SZR Gateway");
+		// contact SZR Gateway
+		IdentityLink identityLink = null;
+
+		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
+				targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+		Logger.debug("SZR communication was successfull");
+
+		if (identityLink == null) {
+			Logger.error("SZR Gateway did not return an identity link.");
+			throw new MOAIDException("stork.10", null);
+		}
+		Logger.info("Received Identity Link from SZR Gateway");
+		moaSession.setIdentityLink(identityLink);
+
+		Logger.debug("Adding addtional STORK attributes to MOA session");
+		moaSession.setStorkAttributes(personalAttributeList);
+
+		// We don't have BKUURL, setting from null to "Not applicable"
+		moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+		// free for single use
+		moaSession.setAuthenticatedUsed(false);
+
+		// stork did the authentication step
+		moaSession.setAuthenticated(true);
+
+		// TODO: found better solution, but QAA Level in response could be not supported yet
+		try {
+			if (authnContextClassRef == null)
+				authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+			moaSession.setQAALevel(authnContextClassRef);
+
+		} catch (Throwable e) {
+			Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+			moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+		}
+
+	}
+
+	X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
+			UnsupportedEncodingException {
+		JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+		SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+				IOUtils.toInputStream(citizenSignature))).getValue();
+
+		// extract certificate
+		for (Object current : root.getKeyInfo().getContent())
+			if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+				for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+						.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+					JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+					if (casted.getName().getLocalPart().equals("X509Certificate")) {
+						return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
+					}
+				}
+			}
+		return null;
+	}
+
+	VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
+			BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
+			SAXException, IOException, ParserConfigurationException, MOAException {
+		// Based on MOA demo client
+		// Factory und Service instanzieren
+		SPSSFactory spssFac = SPSSFactory.getInstance();
+		SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+
+		Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
+
+		// Position der zu prüfenden Signatur im Dokument angeben
+		// (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
+		// der damit bezeichnete Namenraum mitgegeben werden)
+		HashMap nSMap = new HashMap();
+		nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+		VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+		// Zu prüfendes Dokument und Signaturposition zusammenfassen
+
+		VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
+
+		// Prüfrequest zusammenstellen
+		VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
+																								// angegeben, wird
+																								// aktuelle Zeit
+																								// verwendet
+				sigInfo, null, // Keine Ergänzungsobjekte notwendig
+				null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
+				false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
+				"MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
+		// "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
+
+		VerifyXMLSignatureResponse verifyResponse = null;
+		try {
+			// Aufruf der Signaturprüfung
+			verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+		} catch (MOAException e) {
+			// Service liefert Fehler
+			System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
+			System.err.println("Fehlercode: " + e.getMessageId());
+			System.err.println("Fehlernachricht: " + e.getMessage());
+			throw e;
+		}
+
+		return verifyResponse;
+	}
+
+	at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+		at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
+		response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
+		response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
+		// response.setPublicAuthorityCode(publicAuthorityCode)
+		response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
+		response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
+		response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setSigningDateTime()
+		// response.setX509certificate(x509certificate)
+		response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
+		// response.setXmlDsigSubjectName(xmlDsigSubjectName)
+		return response;
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
new file mode 100644
index 000000000..d7480f063
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+/**
+ * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
+ * In detail:
+ * <ul>
+ * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
+ * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
+ * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
+ * <ul>
+ * <li>Creates and signs a SAML2 stork authentication request.</li>
+ * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
+ * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
+ * <li>Writes the form to the response output stream.</li>
+ * </ul>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>Property {@code ccc} set within the moa session.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
+ * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
+ * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
+ * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
+ * </ul>
+ * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
+ * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
+
+	/**
+	 * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
+	 */
+	public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String sessionID = null;
+		try {
+			setNoCachingHeaders(resp);
+
+			sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
+			}
+			AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			if (StringUtils.isEmpty(moasession.getCcc())) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { sessionID });
+			}
+			STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+			if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+				throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
+			}
+
+			// STORK authentication
+			// cpeps cannot be null
+			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+
+			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
+			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
+			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
new file mode 100644
index 000000000..d772a50c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -0,0 +1,218 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+/**
+ * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Changes moa session id.</li>
+ * <li>Decodes and validates the sign response, extracting the citizen's signature.</li>
+ * <li>Verifies the citizen's signature.</li>
+ * <li>Create {@code signedDoc} attribute.</li>
+ * <li>Retrieve identity link from SZR gateway using the citizen's signature.</li>
+ * <li>If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link.
+ * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the
+ * {@code /PepsConnectorWithLocalSigning} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID}</li>
+ * <li>HttpServletRequest parameter {@code signresponse}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (signed auth block, signer certificate etc.)</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID != null && signResponse != null) {
+			// redirect from oasis with signresponse
+			handleSignResponse(executionContext, request, response);
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSignResponse started");
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+		String pendingRequestID = null;
+		try {
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+			Logger.info("pendingRequestID:" + pendingRequestID);
+			String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
+			Logger.info("RECEIVED signresponse:" + signResponseString);
+			// create SignResponse object
+			Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+			SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+
+			// SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
+			// java.io.StringReader(Base64.signResponse)));
+
+			String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+			// memorize signature into authblock
+			moaSession.setAuthBlock(citizenSignature);
+
+			X509Certificate cert = getSignerCertificate(citizenSignature);
+			moaSession.setSignerCertificate(cert);
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
+			at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
+
+			moaSession.setXMLVerifySignatureResponse(tmp);
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+				// Add SignResponse TODO Add signature (extracted from signResponse)?
+				List<String> values = new ArrayList<String>();
+				values.add(signResponseString);
+				// values.add(citizenSignature);
+				Logger.debug("Assembling signedDoc attribute");
+				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
+				personalAttributeList.add(signedDocAttribute);
+
+				String authnContextClassRef = moaSession.getAuthnContextClassRef();
+				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
+				executionContext.put("identityLinkAvailable", true);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+			moaSession.setForeigner(true);
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
new file mode 100644
index 000000000..8ed1cf44f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -0,0 +1,441 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Validates the SAML response from C-PEPS.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates SAML response from C-PEPS.</li>
+ * <li>Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.</li>
+ * <li>Store saml response in moa session.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code signresponse} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa session (with saml response).</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";
+	// load from config below
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID == null && signResponse == null) {
+			// normal saml response
+			handleSAMLResponse(executionContext, request, response);
+
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSAMLResponse started");
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+		try {
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			Logger.trace("No Caching headers set for HTTP response");
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender");
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			
+			
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+				String signatureInfo = null;
+				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
+				if (signedDoc != null) {
+					signatureInfo = signedDoc.getValue().get(0);
+					// should not occur
+				} else {
+
+					// store SAMLResponse
+					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+					// store authnResponse
+
+					// moaSession.setAuthnResponse(authnResponse);//not serializable
+					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+
+					String authnContextClassRef = null;
+					try {
+						authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+								.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
+					} catch (Throwable e) {
+						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+					}
+
+					moaSession.setAuthnContextClassRef(authnContextClassRef);
+					moaSession.setReturnURL(request.getRequestURL());
+
+					// load signedDoc
+					String signRequest = moaSession.getSignedDoc();
+
+					// session is implicit stored in changeSessionID!!!!
+					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
+					// signRequest
+
+					String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+					String acsURL = issuerValue
+							+ PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+					String url = acsURL + "?moaSessionID=" + newMOASessionID;
+					// redirect to OASIS module and sign there
+
+					boolean found = false;
+					try {
+						List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
+								.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
+						Logger.info("Found AttributeProviderPlugins:" + aps.size());
+						for (AttributeProviderPlugin ap : aps) {
+							Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
+							if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
+								// FIXME: A servlet's class field is not thread safe!!!
+								oasisDssWebFormURL = ap.getUrl();
+								found = true;
+								Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL);
+								break;
+							}
+						}
+					} catch (Exception e) {
+						e.printStackTrace();
+						Logger.error("Loading the signedDoc attribute provider url from config failed");
+					}
+					if (!found) {
+						Logger.error("Failed to load the signedDoc attribute provider url from config");
+					}
+					performRedirect(url, request, response, signRequest);
+
+					return;
+				}
+				
+				// FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here?
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				X509Certificate cert = getSignerCertificate(citizenSignature);
+				moaSession.setSignerCertificate(cert);
+				moaSession.setForeigner(true);
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+
+			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
+			try {
+				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
+						.getAuthnContextClassRef(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.setContentType("text/html");
+			response.setStatus(302);
+			response.addHeader("Location", redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
+			throws MOAIDException {
+
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+			VelocityContext context = new VelocityContext();
+
+			Logger.debug("performRedirect, signrequest:" + signRequestString);
+			Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
+			SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
+			signRequest.setReturnURL("TODO");
+			signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
+			context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
+			context.put("clienturl", url);
+			context.put("action", oasisDssWebFormURL);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+		} catch (Exception e) {
+			Logger.error("Error sending DSS signrequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
new file mode 100644
index 000000000..296132e76
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -0,0 +1,567 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+
+import javax.activation.DataSource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import com.datentechnik.process_engine.api.ExecutionContext;
+
+import eu.stork.documentservice.DocumentService;
+import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.DocumentWithSignature;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+
+/**
+ * Evaluates the SAML response from the C-PEPS and authenticates the user.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates the SAML response from the C-PEPS.</li>
+ * <li>Change moa session id.</li>
+ * <li>Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.</li>
+ * <li>Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.</li>
+ * <li>Request SZR gateway for verification of the citizen's signature and for creating of an identity link.</li>
+ * <li>In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)</li>
+ * <li>HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form</li>
+ * <li>{@code signedDoc} attribute within the SAML response.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (identity link, stork attributes...)</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * <li>Redirect to {@code /dispatcher}.</li> 
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorTask extends AbstractAuthServletTask {
+
+	private String dtlUrl = null;
+
+	public PepsConnectorTask() {
+		super();
+		Properties props = new Properties();
+		try {
+			props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
+			dtlUrl = props.getProperty("docservice.url");
+		} catch (IOException e) {
+			dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
+			Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
+			e.printStackTrace();
+		}
+	}
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+
+		try {
+
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if
+																		// there is no representation case?
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
+
+				Logger.debug("signatureInfo:" + signatureInfo);
+
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				// fetch signed doc
+				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+				if (ds == null) {
+					throw new ApiUtilsException("No datasource found in response");
+				}
+
+				InputStream incoming = ds.getInputStream();
+				citizenSignature = IOUtils.toString(incoming);
+				incoming.close();
+
+				Logger.debug("citizenSignature:" + citizenSignature);
+				if (isDocumentServiceUsed(citizenSignature) == true) {
+					Logger.debug("Loading document from DocumentService.");
+					String url = getDtlUrlFromResponse(dssSignResponse);
+					// get Transferrequest
+					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+					// Load document from DocujmentService
+					byte[] data = getDocumentFromDtl(transferRequest, url);
+					citizenSignature = new String(data, "UTF-8");
+					Logger.debug("Overridung citizenSignature with:" + citizenSignature);
+				}
+
+				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+						IOUtils.toInputStream(citizenSignature))).getValue();
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				// extract certificate
+				for (Object current : root.getKeyInfo().getContent())
+					if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+						for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+								.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+							if (casted.getName().getLocalPart().equals("X509Certificate")) {
+								moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue())
+										.getBytes("UTF-8")));
+								break;
+							}
+						}
+					}
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+			Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+			Logger.debug("fetching OAParameters from database");
+
+			// //read configuration paramters of OA
+			// AuthenticationSession moasession;
+			// try {
+			// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+			// } catch (MOADatabaseException e2) {
+			// Logger.error("could not retrieve moa session");
+			// throw new AuthenticationException("auth.01", null);
+			// }
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+					moaSession.getPublicOAURLPrefix());
+			if (oaParam == null)
+				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+			// retrieve target
+			// TODO: check in case of SSO!!!
+			String targetType = null;
+			if (oaParam.getBusinessService()) {
+				String id = oaParam.getIdentityLinkDomainIdentifier();
+				if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+					targetType = id;
+				else
+					targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+			} else {
+				targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+			}
+
+			Logger.debug("Starting connecting SZR Gateway");
+			// contact SZR Gateway
+			IdentityLink identityLink = null;
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
+						oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			moaSession.setForeigner(true);
+
+			Logger.info("Received Identity Link from SZR Gateway");
+			executionContext.put("identityLinkAvailable", true);
+			moaSession.setIdentityLink(identityLink);
+
+			Logger.debug("Adding addtional STORK attributes to MOA session");
+			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+
+			// We don't have BKUURL, setting from null to "Not applicable"
+			moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+			// free for single use
+			moaSession.setAuthenticatedUsed(false);
+
+			// stork did the authentication step
+			moaSession.setAuthenticated(true);
+
+			// TODO: found better solution, but QAA Level in response could be not supported yet
+			try {
+
+				moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+						.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
+
+			} catch (Throwable e) {
+				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+			}
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			// response.setContentType("text/html");
+			// response.setStatus(302);
+			// response.addHeader("Location", redirectURL);
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check
+	{
+		if (citizenSignature
+				.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
+			return true;
+		return false;
+	}
+
+	/**
+	 * Get DTL uril from the oasis sign response
+	 * 
+	 * @param signRequest
+	 *            The signature response
+	 * @return The URL of DTL service
+	 * @throws SimpleException
+	 */
+	private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
+		List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
+				ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
+		DocumentType sourceDocument = documents.get(0).getDocument();
+
+		if (sourceDocument.getDocumentURL() != null)
+			return sourceDocument.getDocumentURL();
+		else
+			return null;// throw new Exception("No document url found");
+	}
+
+	// From DTLPEPSUTIL
+
+	/**
+	 * Get document from DTL
+	 * 
+	 * @param transferRequest
+	 *            The transfer request (attribute query)
+	 * @param eDtlUrl
+	 *            The DTL url of external DTL
+	 * @return the document data
+	 * @throws SimpleException
+	 */
+	private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception {
+		URL url = null;
+		try {
+			url = new URL(dtlUrl);
+			QName qname = new QName("http://stork.eu", "DocumentService");
+
+			Service service = Service.create(url, qname);
+			DocumentService docservice = service.getPort(DocumentService.class);
+
+			BindingProvider bp = (BindingProvider) docservice;
+			SOAPBinding binding = (SOAPBinding) bp.getBinding();
+			binding.setMTOMEnabled(true);
+
+			if (eDtlUrl.equalsIgnoreCase(dtlUrl))
+				return docservice.getDocument(transferRequest, "");
+			else
+				return docservice.getDocument(transferRequest, eDtlUrl);
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw new Exception("Error in getDocumentFromDtl", e);
+		}
+	}
+
+	/**
+	 * Get a document transfer request (attribute query)
+	 * 
+	 * @param docId
+	 * @return
+	 * @throws SimpleException
+	 */
+	private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
+		String spCountry = docId.substring(0, docId.indexOf("/"));
+		final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+		STORKAttrQueryRequest req = new STORKAttrQueryRequest();
+		req.setAssertionConsumerServiceURL(dtlUrl);
+		req.setDestination(destinationUrl);
+		req.setSpCountry(spCountry);
+		req.setQaa(3);// TODO
+		PersonalAttributeList pal = new PersonalAttributeList();
+		PersonalAttribute attr = new PersonalAttribute();
+		attr.setName("docRequest");
+		attr.setIsRequired(true);
+		attr.setValue(Arrays.asList(docId));
+		pal.add(attr);
+		req.setPersonalAttributeList(pal);
+
+		STORKAttrQueryRequest req1;
+		try {
+			req1 = engine.generateSTORKAttrQueryRequest(req);
+			return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
+		} catch (STORKSAMLEngineException e) {
+			e.printStackTrace();
+			throw new Exception("Error in doc request attribute query generation", e);
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index f8b0dbdab..64899565b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -69,9 +69,9 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.tasks.GetForeignIDTask;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.ModulUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index dd5253e77..ffd01299e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -67,7 +67,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 02e1cb12d..af4b7ffbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -97,7 +97,7 @@ import javax.xml.ws.BindingProvider;
 
 /**
  * Endpoint for receiving STORK response messages
- * @deprecated Use {@link at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorTask} instead.
+ * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask} instead.
  */
 public class PEPSConnectorServlet extends AuthServlet {
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index fa80bdab9..c01a356f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -109,7 +109,7 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
 
 /**
  * Endpoint for receiving STORK response messages
- * @deprecated Use {@link at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleResponseWithoutSignatureTask} instead.
+ * @deprecated Use {@link at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask} instead.
  */
 public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 	private static final long serialVersionUID = 1L;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index dc350bfb7..67c42cd07 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -71,7 +71,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index 77e401899..82cdb2778 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -65,7 +65,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index e94273881..6f2ee2d89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -64,7 +64,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask;
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
deleted file mode 100644
index 9a5c2baee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/AbstractAuthServletTask.java
+++ /dev/null
@@ -1,379 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang3.ArrayUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.storage.IExceptionStore;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-import com.datentechnik.process_engine.springweb.AbstractSpringWebSupportedTask;
-
-/**
- * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
- * etc.).</p> The code has been taken from {@link AuthServlet}.
- */
-public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
-
-	protected static final String ERROR_CODE_PARAM = "errorid";
-
-	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-		
-		
-		StatisticLogger logger = StatisticLogger.getInstance();
-		logger.logErrorOperation(exceptionThrown);
-		
-		
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-
-			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-	
-	/**
-	 * Handles an error. <br>>
-	 * <ul>
-	 * <li>Logs the error</li>
-	 * <li>Places error message and exception thrown into the request as request
-	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-	 * <li>Sets HTTP status 500 (internal server error)</li>
-	 * </ul>
-	 * 
-	 * @param errorMessage
-	 *            error message
-	 * @param exceptionThrown
-	 *            exception thrown
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-
-		if (!(exceptionThrown instanceof MOAIDException)) {
-			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
-			
-		}
-		
-		IExceptionStore store = DBExceptionStoreImpl.getStore();
-		String id = store.storeException(exceptionThrown);
-
-		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-		
-			String redirectURL = null;
-
-			redirectURL = ServletUtils.getBaseUrl(req);
-			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
-					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-		
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-	
-			resp.addHeader("Location", redirectURL);		
-			Logger.debug("REDIRECT TO: " + redirectURL);	
-		
-			return;
-			
-		} else {
-			
-			//Exception can not be stored in database
-			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
-		}
-	}
-
-	/**
-	 * Handles a <code>WrongParametersException</code>.
-	 * 
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleWrongParameters(WrongParametersException ex,
-			HttpServletRequest req, HttpServletResponse resp) {
-		Logger.error(ex.toString());
-		req.setAttribute("WrongParameters", ex.getMessage());
-
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-			setNoCachingHeaders(resp);
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-
-	/**
-	 * Logs all servlet parameters for debugging purposes.
-	 */
-	protected void logParameters(HttpServletRequest req) {
-		for (Enumeration params = req.getParameterNames(); params
-				.hasMoreElements();) {
-			String parname = (String) params.nextElement();
-			Logger.debug("Parameter " + parname + req.getParameter(parname));
-		}
-	}
-
-	/**
-	 * Parses the request input stream for parameters, assuming parameters are
-	 * encoded UTF-8 (no standard exists how browsers should encode them).
-	 * 
-	 * @param req
-	 *            servlet request
-	 * 
-	 * @return mapping parameter name -> value
-	 * 
-	 * @throws IOException
-	 *             if parsing request parameters fails.
-	 * 
-	 * @throws FileUploadException
-	 *             if parsing request parameters fails.
-	 */
-	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
-			FileUploadException {
-
-		Map<String, String> parameters = new HashMap<String, String>();
-
-		if (ServletFileUpload.isMultipartContent(req)) {
-			// request is encoded as mulitpart/form-data
-			FileItemFactory factory = new DiskFileItemFactory();
-			ServletFileUpload upload = null;
-			upload = new ServletFileUpload(factory);
-			List items = null;
-			items = upload.parseRequest(req);
-			for (int i = 0; i < items.size(); i++) {
-				FileItem item = (FileItem) items.get(i);
-				if (item.isFormField()) {
-					// Process only form fields - no file upload items
-					String logString = item.getString("UTF-8");
-
-					// TODO use RegExp
-					String startS = "<pr:Identification><pr:Value>";
-					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-					String logWithMaskedBaseid = logString;
-					int start = logString.indexOf(startS);
-					if (start > -1) {
-						int end = logString.indexOf(endS);
-						if (end > -1) {
-							logWithMaskedBaseid = logString.substring(0, start);
-							logWithMaskedBaseid += startS;
-							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
-							logWithMaskedBaseid += logString.substring(end,
-									logString.length());
-						}
-					}
-					parameters
-							.put(item.getFieldName(), item.getString("UTF-8"));
-					Logger.debug("Processed multipart/form-data request parameter: \nName: "
-							+ item.getFieldName()
-							+ "\nValue: "
-							+ logWithMaskedBaseid);
-				}
-			}
-		}
-
-		else {
-			// request is encoded as application/x-www-urlencoded
-			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
-			
-			/*
-			InputStream in = req.getInputStream();
-
-			String paramName;
-			String paramValueURLEncoded;
-			do {
-				paramName = new String(readBytesUpTo(in, '='));
-				if (paramName.length() > 0) {
-					paramValueURLEncoded = readBytesUpTo(in, '&');
-					String paramValue = URLDecoder.decode(paramValueURLEncoded,
-							"UTF-8");
-					parameters.put(paramName, paramValue);
-				}
-			} while (paramName.length() > 0);
-			in.close();
-			*/
-			
-			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
-			while (requestParamIt.hasNext()) {
-				Entry<String, String[]> entry = requestParamIt.next();
-				String key = entry.getKey();
-				String[] values = entry.getValue();
-				// take the last value from the value array since the legacy code above also does it this way
-				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
-			}
-			
-		}
-
-		return parameters;
-	}
-
-	/**
-	 * Reads bytes up to a delimiter, consuming the delimiter.
-	 * 
-	 * @param in
-	 *            input stream
-	 * @param delimiter
-	 *            delimiter character
-	 * @return String constructed from the read bytes
-	 * @throws IOException
-	 */
-	protected String readBytesUpTo(InputStream in, char delimiter)
-			throws IOException {
-		ByteArrayOutputStream bout = new ByteArrayOutputStream();
-		boolean done = false;
-		int b;
-		while (!done && (b = in.read()) >= 0) {
-			if (b == delimiter)
-				done = true;
-			else
-				bout.write(b);
-		}
-		return bout.toString();
-	}
-
-	/**
-	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
-	 * 
-	 * @param resp
-	 *            The HttpServletResponse.
-	 */
-	public void setNoCachingHeaders(HttpServletResponse resp) {
-		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-	}
-
-	/**
-	 * Adds a parameter to a URL.
-	 * 
-	 * @param url
-	 *            the URL
-	 * @param paramname
-	 *            parameter name
-	 * @param paramvalue
-	 *            parameter value
-	 * @return the URL with parameter added
-	 */
-	protected static String addURLParameter(String url, String paramname,
-			String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-		if (url.indexOf("?") < 0)
-			return url + "?" + param;
-		else
-			return url + "&" + param;
-	}
-
-	/**
-	 * Checks if HTTP requests are allowed
-	 * 
-	 * @param authURL
-	 *            requestURL
-	 * @throws AuthenticationException
-	 *             if HTTP requests are not allowed
-	 * @throws ConfigurationException
-	 */
-	protected void checkIfHTTPisAllowed(String authURL)
-			throws AuthenticationException, ConfigurationException {
-		// check if HTTP Connection may be allowed (through
-		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		
-		//Removed from MOA-ID 2.0 config
-//		String boolStr = AuthConfigurationProvider
-//				.getInstance()
-//				.getGenericConfigurationParameter(
-//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-		if ((!authURL.startsWith("https:"))
-				//&& (false == BoolUtils.valueOf(boolStr))
-				)
-			throw new AuthenticationException("auth.07", new Object[] { authURL
-					+ "*" });
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
deleted file mode 100644
index 8cd0db679..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CertificateReadRequestTask.java
+++ /dev/null
@@ -1,101 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.BooleanUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Creates {@code InfoBoxReadRequest} in order to read the subject's certificates.</li>
- * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code /VerifyCertificate}</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class CertificateReadRequestTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
-		Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
-
-		setNoCachingHeaders(resp);
-
-		String pendingRequestID = null;
-		
-		try {
-		
-			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
-			}
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
-			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
-			boolean useMandate = session.getUseMandate();
-			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));
-			
-			if (!identityLinkAvailable && useMandate) {
-				Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
-				throw new AuthenticationException("auth.13", null);
-			}
-
-			// change MOASessionID
-			AuthenticationSessionStoreage.changeSessionID(session);
-			
-			// create the InfoboxReadRequest to get the certificate
-			String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);
-
-			// build dataurl (to the VerifyCertificateSerlvet)
-			String dataurl = new DataURLBuilder().buildDataURL(session.getAuthURL(), REQ_VERIFY_CERTIFICATE,
-					session.getSessionID());
-
-			ServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest,
-					AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
-		
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-		} finally {
-			ConfigurationDBUtils.closeSession();
-		}		
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
deleted file mode 100644
index ff55eedeb..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/CreateIdentityLinkFormTask.java
+++ /dev/null
@@ -1,120 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.ObjectUtils;
-
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Creates a http form including an embedded {@code InfoBoxReadRequest} for reading the identity link.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Removes ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}.</li>
- * <li>Creates the http form mentioned above.</li>
- * <li>Returns the http form via HttpServletResponse.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} <strong>or</strong></li>
- * <li>ExecutionContext property {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID} (in case of legacy authentication without CCE selection, where the moa session is not provided by request parameter).</li>
- * </ul>
- * Result:
- * <ul>
- * <li>The identity link form via HttpServletResponse.</li>
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case of STORK authentication
- * <ul>
- * <li>Creates STORK auth SAML request.</li>
- * <li>Creates and returns a form for submitting the SAML request to the CPEPS (post binding).</li>
- * <li>Returns the form via HttpServletResponse.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		String pendingRequestID = null;
-		String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
-		AuthenticationSession moasession = null;
-		try {
-			
-			if (MiscUtil.isEmpty(moasessionid)) {
-				Logger.warn("MOASessionID is empty.");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-			
-			try {
-			
-				pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
-				moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-				AuthenticationSessionStoreage.changeSessionID(moasession);
-				executionContext.remove(PARAM_SESSIONID);
-			
-			} catch (MOADatabaseException e) {
-				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
-				throw new MOAIDException("init.04", new Object[] { moasessionid });
-
-			} catch (Throwable e) {
-				Logger.info("No HTTP Session found!");
-				throw new MOAIDException("auth.18", new Object[] {});
-			}
-
-			StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
-			String getIdentityLinkForm = startauth.build(moasession, req, resp);
-
-			if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-				resp.setContentType("text/html;charset=UTF-8");
-				PrintWriter out = new PrintWriter(resp.getOutputStream());
-				out.print(getIdentityLinkForm);
-				out.flush();
-				Logger.debug("Finished GET " + GenerateIFrameTemplateServlet.class);
-			}
-			
-		} catch (WrongParametersException ex) {
-			handleWrongParameters(ex, req, resp);
-		}
-
-		catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
-
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
deleted file mode 100644
index 2ce6a1ae8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetForeignIDTask.java
+++ /dev/null
@@ -1,182 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Parses the CreateXMLSignatureResponse retrieved from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
- * <li>Extracts signature and signer certificate.</li>
- * <li>Send request to SZR Gateway in order to get an identity link.</li>
- * <li>Updates moa session (sets identity link, QAA level 4, authentication data and foreigner flag).</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Identity link, QAA level 4 and foreigner flag put into moa session.</li>
- * <li>Redirect to {@code /dispatcher}.</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class GetForeignIDTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		Logger.debug("POST GetForeignIDServlet");
-
-		setNoCachingHeaders(resp);
-
-		Map<String, String> parameters;
-
-		try {
-			parameters = getParameters(req);
-		} catch (FileUploadException e) {
-			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-			throw new IOException(e.getMessage());
-		}
-		
-		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-		String pendingRequestID = null;
-		String redirectURL = null;
-		AuthenticationSession session = null;
-		try {
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
-			}
-			String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
-			if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
-				throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
-			}
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-			session = AuthenticationServer.getSession(sessionID);
-
-			// change MOASessionID
-			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
-			Logger.debug(xmlCreateXMLSignatureResponse);
-
-			CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
-					.parseResponseDsig();
-
-			try {
-				String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
-				session.setAuthBlock(serializedAssertion);
-
-			} catch (TransformerException e) {
-				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
-			} catch (IOException e) {
-				throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
-			}
-
-			Element signature = csresp.getDsigSignature();
-
-			try {
-				session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
-			} catch (CertificateException e) {
-				Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
-				throw new MOAIDException("auth.14", null);
-			}
-
-			// make SZR request to the identity link
-			CreateIdentityLinkResponse response = AuthenticationServer.getInstance().getIdentityLink(signature);
-
-			if (null != response.getErrorResponse()) {
-				// TODO fix exception parameter
-				throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(),
-						(String) response.getErrorResponse().getInfo());
-			} else {
-				IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
-						response.getIdentityLink()));
-				IdentityLink identitylink = ilParser.parseIdentityLink();
-				session.setIdentityLink(identitylink);
-
-				// set QAA Level four in case of card authentifcation
-				session.setQAALevel(PVPConstants.STORK_QAA_1_4);
-
-				AuthenticationServer.getInstance().getForeignAuthenticationData(session);
-
-				// session is implicit stored in changeSessionID!!!!
-				String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
-				Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
-				Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
-				redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
-						ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID),
-						newMOASessionID);
-				redirectURL = resp.encodeRedirectURL(redirectURL);
-
-				// TODO[branch]: Final step back to /dispatcher
-
-				try {
-					AuthenticationSessionStoreage.storeSession(session);
-				} catch (MOADatabaseException e) {
-					throw new MOAIDException("Session store error", null);
-				}
-
-				resp.setContentType("text/html");
-				resp.setStatus(302);
-				resp.addHeader("Location", redirectURL);
-				Logger.debug("REDIRECT TO: " + redirectURL);
-			}
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("GetForeignIDServlet has an interal Error.", e);
-
-		}
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
deleted file mode 100644
index a7ee086af..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/GetMISSessionIDTask.java
+++ /dev/null
@@ -1,181 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-import iaik.pki.PKIException;
-
-import java.security.GeneralSecurityException;
-import java.util.List;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Retrieves a mandate from the online mandate issuing service.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Retrieves the mandate referenced within the moa session from the online (external) mandate issuing service.</li>
- * <li>Verifies the mandate.</li>
- * <li>Puts mandate into moa session.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Mandate put into moa session.</li>
- * <li>Redirect to {@code /dispatcher}.</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class GetMISSessionIDTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-		
-		Logger.debug("POST GetMISSessionIDServlet");
-
-		String sessionID = req.getParameter(PARAM_SESSIONID);
-
-		// escape parameter strings
-		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
-		AuthenticationSession session = null;
-		String pendingRequestID = null;
-		try {
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID))
-				throw new WrongParametersException("VerifyCertificate",
-						PARAM_SESSIONID, "auth.12");
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-			
-			session = AuthenticationServer.getSession(sessionID);
-
-			//change MOASessionID
-		    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-			
-			String misSessionID = session.getMISSessionID();
-
-			AuthConfigurationProvider authConf = AuthConfigurationProvider
-					.getInstance();
-			ConnectionParameter connectionParameters = authConf
-					.getOnlineMandatesConnectionParameter();
-			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(
-					AuthConfigurationProvider.getInstance(),
-					connectionParameters);
-
-			List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
-					connectionParameters.getUrl(), misSessionID, sslFactory);
-
-			if (list == null || list.size() == 0) {
-				Logger.error("Keine Vollmacht gefunden.");
-				throw new AuthenticationException("auth.15", null);
-			}
-
-			// for now: list contains only one element
-			MISMandate mandate = (MISMandate) list.get(0);
-
-			// TODO[tlenz]: UTF-8 ?
-			String sMandate = new String(mandate.getMandate());
-			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
-				Logger.error("Mandate is empty.");
-				throw new AuthenticationException("auth.15",
-						new Object[] { GET_MIS_SESSIONID });
-			}
-						
-			//check if it is a parsable XML
-			byte[] byteMandate = mandate.getMandate();
-			// TODO[tlenz]: UTF-8 ?
-			String stringMandate = new String(byteMandate);
-			DOMUtils.parseDocument(stringMandate, false,
-					null, null).getDocumentElement();
-			
-			// extract RepresentationType
-			AuthenticationServer.getInstance().verifyMandate(session, mandate);
-			
-			session.setMISMandate(mandate);
-			session.setAuthenticatedUsed(false);
-			session.setAuthenticated(true);
-			
-	    	//set QAA Level four in case of card authentifcation
-	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
-			
-			String oldsessionID = session.getSessionID();
-			
-			//Session is implicite stored in changeSessionID!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-			
-			Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
-			Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-						
-			String redirectURL = new DataURLBuilder().buildDataURL(
-					session.getAuthURL(),
-					ModulUtils.buildAuthURL(session.getModul(),
-							session.getAction(), pendingRequestID), newMOASessionID);
-			redirectURL = resp.encodeRedirectURL(redirectURL);
-			
-			// TODO[branch]: Final step back to /dispatcher
-			
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-			resp.addHeader("Location", redirectURL);
-			Logger.debug("REDIRECT TO: " + redirectURL);
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-			
-		} catch (GeneralSecurityException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-			
-		} catch (PKIException e) {
-			handleError(null, e, req, resp, pendingRequestID);
-			
-		} catch (SAXException e) {
-			handleError(null, e, req, resp, pendingRequestID);
-			
-		} catch (ParserConfigurationException e) {
-			handleError(null, e, req, resp, pendingRequestID);
-			
-	    } catch (Exception e) {
-	    	Logger.error("MISMandateValidation has an interal Error.", e);
-	       
-	    }
-	    finally {
-	    	ConfigurationDBUtils.closeSession();
-	    }
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
deleted file mode 100644
index 566616fcd..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/PrepareAuthBlockSignatureTask.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Creates {@code CreateXMLSignatureRequest} for auth block signature.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Creates {@code CreateXMLSignatureRequest} for auth block signature.</li>
- * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Responds with {@code CreateXMLSignatureRequest} (for CCE), {@code DataURL} is {@code {/VerifyAuthBlock}</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
-
-		Logger.debug("Process IdentityLink");
-
-		setNoCachingHeaders(resp);
-		
-		String pendingRequestID = null;
-
-		try {
-			
-			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
-			}
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
-			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
-			// change MOASessionID
-			sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-				
-			Logger.info("Normal");
-
-			// TODO[branch]: Default behaviour; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
-
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-					session.getPublicOAURLPrefix());
-			AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
-
-			String createXMLSignatureRequest = AuthenticationServer.getInstance()
-					.getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam);
-
-			AuthenticationSessionStoreage.storeSession(session);
-			
-			ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session,
-					createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT,
-					"VerifyIdentityLink");
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("IdentityLinkValidation has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
deleted file mode 100644
index 956ec9c88..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyAuthenticationBlockTask.java
+++ /dev/null
@@ -1,246 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import iaik.pki.PKIException;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.List;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-/**
- * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Takes the {@code CreateXMLSignatureResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
- * <li>Verifies the {@code CreateXMLSignatureResponse}.</li>
- * <li>Updates moa session.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code CreateXMLSignatureResponse}.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Authentication data put into moa session.</li>
- * <li>Redirect to {@code /dispatcher}.</li>
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case of mandate mode
- * <ul>
- * <li>Creates a mandate session at the external mandate issuing service.</li>
- * <li>Redirects the user's browser to the online mandate issuing service GUI.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
-		
-		Logger.debug("POST VerifyAuthenticationBlock");
-		
-		String pendingRequestID = null;		
-		
-	    Map<String, String> parameters;
-	    try 
-	    {
-	      parameters = getParameters(req);
-	    } catch (FileUploadException e) 
-	    {
-	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	      
-	    }
-			String sessionID = req.getParameter(PARAM_SESSIONID);
-			String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
-			// escape parameter strings
-			sessionID = StringEscapeUtils.escapeHtml(sessionID);
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-		   		
-			String redirectURL = null;
-			try {
-	         // check parameter
-	         if (!ParamValidatorUtils.isValidSessionID(sessionID))
-	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-	         if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse))
-	            throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
-
-				AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
-				//change MOASessionID
-			    sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-				
-				String authenticatedMOASessionId = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse);
-				
-				if (authenticatedMOASessionId == null) { 
-					//mandate Mode
-				
-					  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
-						ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
-						SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-						
-						// get identitity link as byte[]
-						Element elem = session.getIdentityLink().getSamlAssertion();
-						String s = DOMUtils.serializeNode(elem);
-						
-						//System.out.println("IDL: " + s);
-						
-						byte[] idl = s.getBytes("UTF-8");
-						
-						// redirect url
-						// build redirect(to the GetMISSessionIdSerlvet)
-						
-						//change MOASessionID before MIS request
-						String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-						
-				        redirectURL =
-				              new DataURLBuilder().buildDataURL(
-				                session.getAuthURL(),
-				                GET_MIS_SESSIONID,
-				                newMOASessionID);
-						
-				        String oaURL = session.getOAURLRequested();
-				        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
-				        List<String> profiles = oaParam.getMandateProfiles();
-
-				        if (profiles == null) {
-				      	  Logger.error("No Mandate/Profile for OA configured.");
-				      	  throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID});
-				        }
-				        
-				        String oaFriendlyName = oaParam.getFriendlyName();
-				        String mandateReferenceValue = session.getMandateReferenceValue();
-				        byte[] cert = session.getEncodedSignerCertificate();
-				        byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
-				        
-				        //TODO: check in case of SSO!!!
-				        String targetType = null;  
-				        if(oaParam.getBusinessService()) {
-				        	String id = oaParam.getIdentityLinkDomainIdentifier();
-				        	if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-				        		targetType = id;
-				        	else
-				        		targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier();
-				        	
-				        } else {
-				        	targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-				        }
-				        
-				        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(
-				        		connectionParameters.getUrl(), 
-				        		idl, 
-				        		cert, 
-				        		oaFriendlyName, 
-				        		redirectURL, 
-				        		mandateReferenceValue, 
-				        		profiles, 
-				        		targetType,
-				        		authBlock,
-				        		sslFactory);
-				        
-				        if (misSessionID == null) {
-				      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
-				      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
-				        }
-				        
-				        String redirectMISGUI = misSessionID.getRedirectURL();
-				        session.setMISSessionID(misSessionID.getSessiondId());
-					
-						try {
-							AuthenticationSessionStoreage.storeSession(session);
-						} catch (MOADatabaseException e) {
-							throw new MOAIDException("Session store error", null);
-						}
-				        
-						// TODO[branch]: Mandate; redirect to MIS website; website redirects back to "/GetMISSessionID"
-						
-				        resp.setStatus(302);
-				    	  resp.addHeader("Location", redirectMISGUI);
-				    	  Logger.debug("REDIRECT TO: " + redirectURL);
-				}
-				else {
-					// TODO[branch]: Final step back to /dispatcher
-					redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
-							ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), authenticatedMOASessionId);
-							
-					resp.setContentType("text/html");
-					resp.setStatus(302);
-				
-					resp.addHeader("Location", redirectURL);		
-					Logger.debug("REDIRECT TO: " + redirectURL);				
-					
-				}
-				
-			}
-	    
-			catch (MOAIDException ex) {
-				handleError(null, ex, req, resp, pendingRequestID);
-				
-			} catch (GeneralSecurityException e) {
-				handleError(null, e, req, resp, pendingRequestID);
-				
-			} catch (PKIException e) {
-				handleError(null, e, req, resp, pendingRequestID);
-				
-			} catch (TransformerException e) {
-				handleError(null, e, req, resp, pendingRequestID);
-				
-		    } catch (Exception e) {
-		    	Logger.error("AuthBlockValidation has an interal Error.", e);
-		    }
-		       
-			
-		    finally {
-		    	ConfigurationDBUtils.closeSession();
-		    }		
-		
-		
-		
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
deleted file mode 100644
index 854c78161..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyCertificateTask.java
+++ /dev/null
@@ -1,164 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.util.CertificateUtils;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Parses the certificate from {@code InfoBoxReadResponse} (via POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}), creates the auth block to be signed and returns a {@code CreateXMLSignatureRequest} for auth block signature.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Retrieves the certificate via {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
- * <li>Verifies the certificate.</li>
- * <li>Creates the auth block to be signed using information from the certificate (Organwalter, foreign citizen.</li>
- * <li>Puts it in a {@code CreateXMLSignatureRequest}.</li>
- * <li>Updates moa session.</li>
- * <li>Responds with {@code CreateXMLSignatureRequest}.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_SESSIONID} containing a {@code InfoBoxReadResponse}.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>{@code CreateXMLSignatureRequest} send as HttpServletResponse (for CCE).</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class VerifyCertificateTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
-
-		Logger.debug("POST VerifyCertificateServlet");
-		
-		String pendingRequestID = null;
-		
-		Map<String, String> parameters;
-	    try 
-	    {
-	      parameters = getParameters(req);
-	    } catch (FileUploadException e) 
-	    {
-	      Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-	      throw new IOException(e.getMessage());
-	     	}
-	    String sessionID = req.getParameter(PARAM_SESSIONID);
-	    
-	    // escape parameter strings
-		sessionID = StringEscapeUtils.escapeHtml(sessionID);
-		
-		pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-		
-	    AuthenticationSession session = null;
-	    try {
-	       // check parameter
-	       if (!ParamValidatorUtils.isValidSessionID(sessionID))
-	          throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-	       
-	    	session = AuthenticationServer.getSession(sessionID);
-	    	
-	        //change MOASessionID
-	        sessionID = AuthenticationSessionStoreage.changeSessionID(session);
-	    	
-    		X509Certificate cert = AuthenticationServer.getInstance().getCertificate(sessionID, parameters);
-    		if (cert == null) {
-    			Logger.error("Certificate could not be read.");
-    			throw new AuthenticationException("auth.14", null);    		
-    		}
-    		
-	    	boolean useMandate = session.getUseMandate();
-	    	
-	    	if (useMandate) {
-
-	    		// verify certificate for OrganWalter
-	    		String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
-	    		
-		    	try {
-					AuthenticationSessionStoreage.storeSession(session);
-				} catch (MOADatabaseException e) {
-					throw new MOAIDException("session store error", null);
-				}
-	    		
-		    	// TODO[branch]: Mandate; respond with CXSR for authblock signature, dataURL "/VerifyAuthBlock"
-		    	ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
-	    		
-	    	}
-	    	else {
-	    			
-		    	
-	    		String countrycode = CertificateUtils.getIssuerCountry(cert);
-	    		if (countrycode != null) {
-	    			if (countrycode.compareToIgnoreCase("AT") == 0) {
-	    				Logger.error("Certificate issuer country code is \"AT\". Login not support in foreign identities mode.");
-	    				throw new AuthenticationException("auth.22", null);
-	    			}
-	    		}
-	    		
-	    		// Foreign Identities Modus	
-		    	String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
-		      // build dataurl (to the GetForeignIDSerlvet)
-		    	String dataurl =
-	             new DataURLBuilder().buildDataURL(
-	               session.getAuthURL(),
-	               REQ_GET_FOREIGN_ID,
-	               session.getSessionID());
-	       
-		    	try {
-					AuthenticationSessionStoreage.storeSession(session);
-				} catch (MOADatabaseException e) {
-					throw new MOAIDException("session store error", null);
-				}
-		    	
-	    		// TODO[branch]: Foreign citizen; respond with CXSR for authblock signature, dataURL "/GetForeignID"
-		    	ServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
-		    	
-		    	Logger.debug("Send CreateXMLSignatureRequest to BKU");
-	    	}	    		    	 
-	    }
-	    catch (MOAIDException ex) {
-	      handleError(null, ex, req, resp, pendingRequestID);
-	      
-	    } catch (Exception e) {
-	    	Logger.error("CertificateValidation has an interal Error.", e);
-	    }
-	       
-	    
-	    finally {
-	    	ConfigurationDBUtils.closeSession();
-	    }
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
deleted file mode 100644
index eb884e9db..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/VerifyIdentityLinkTask.java
+++ /dev/null
@@ -1,103 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import java.io.IOException;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Verifies the identity link.<p/>
- * In detail:
- * <ul>
- * <li>Renames the moa session id.</li>
- * <li>Parses the identity link retrieved as {@code InfoBoxReadResponse} from POST parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE}.</li>
- * <li>Verifies the identity link.</li>
- * <li>Updates moa session.</li>
- * <li>Puts boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_XMLRESPONSE PARAM_XMLRESPONSE} containing a {@code InfoBoxReadResponse}.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Identity link put into moa session.</li>
- * <li>Boolean flag {@code identityLinkAvailable} into {@code ExecutionContext}.</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- *
- */
-public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
-
-		Logger.debug("POST VerifyIdentityLink");
-
-		setNoCachingHeaders(resp);
-		
-		Map<String, String> parameters;
-		String pendingRequestID = null;
-
-		try {
-			parameters = getParameters(req);
-		} catch (Exception e) {
-			Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-			throw new IOException(e.getMessage());
-		}
-		
-		try {
-			
-			String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
-			}
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
-			AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-
-			boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
-			AuthenticationSessionStoreage.storeSession(session);
-
-			executionContext.put("identityLinkAvailable", identityLinkAvailable);
-
-		} catch (ParseException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("IdentityLinkValidation has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
deleted file mode 100644
index eff7fe43f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/AbstractPepsConnectorWithLocalSigningTask.java
+++ /dev/null
@@ -1,258 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks.stork;
-
-import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.security.cert.CertificateException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.activation.DataSource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Source;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOAException;
-import at.gv.egovernment.moa.spss.api.SPSSFactory;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.common.Content;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.api.exceptions.UtilsException;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
-
-	String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
-			TransformerConfigurationException, UtilsException, TransformerException,
-			TransformerFactoryConfigurationError, IOException, ApiUtilsException {
-		// fetch signed doc
-		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
-		if (ds == null) {
-			throw new ApiUtilsException("No datasource found in response");
-		}
-
-		InputStream incoming = ds.getInputStream();
-		String citizenSignature = IOUtils.toString(incoming);
-		incoming.close();
-
-		return citizenSignature;
-	}
-
-	void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
-			String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
-		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
-		Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
-		Logger.debug("fetching OAParameters from database");
-
-		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-				moaSession.getPublicOAURLPrefix());
-		if (oaParam == null)
-			throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
-		// retrieve target
-		// TODO: check in case of SSO!!!
-		String targetType = null;
-		if (oaParam.getBusinessService()) {
-			String id = oaParam.getIdentityLinkDomainIdentifier();
-			if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-				targetType = id;
-			else
-				targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
-		} else {
-			targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-		}
-
-		Logger.debug("Starting connecting SZR Gateway");
-		// contact SZR Gateway
-		IdentityLink identityLink = null;
-
-		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
-				targetType, null, oaParam.getMandateProfiles(), citizenSignature);
-		Logger.debug("SZR communication was successfull");
-
-		if (identityLink == null) {
-			Logger.error("SZR Gateway did not return an identity link.");
-			throw new MOAIDException("stork.10", null);
-		}
-		Logger.info("Received Identity Link from SZR Gateway");
-		moaSession.setIdentityLink(identityLink);
-
-		Logger.debug("Adding addtional STORK attributes to MOA session");
-		moaSession.setStorkAttributes(personalAttributeList);
-
-		// We don't have BKUURL, setting from null to "Not applicable"
-		moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
-		// free for single use
-		moaSession.setAuthenticatedUsed(false);
-
-		// stork did the authentication step
-		moaSession.setAuthenticated(true);
-
-		// TODO: found better solution, but QAA Level in response could be not supported yet
-		try {
-			if (authnContextClassRef == null)
-				authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
-			moaSession.setQAALevel(authnContextClassRef);
-
-		} catch (Throwable e) {
-			Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-			moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
-		}
-
-	}
-
-	X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
-			UnsupportedEncodingException {
-		JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
-		SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
-				IOUtils.toInputStream(citizenSignature))).getValue();
-
-		// extract certificate
-		for (Object current : root.getKeyInfo().getContent())
-			if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
-				for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
-						.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
-					JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
-					if (casted.getName().getLocalPart().equals("X509Certificate")) {
-						return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
-					}
-				}
-			}
-		return null;
-	}
-
-	VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
-			BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
-			SAXException, IOException, ParserConfigurationException, MOAException {
-		// Based on MOA demo client
-		// Factory und Service instanzieren
-		SPSSFactory spssFac = SPSSFactory.getInstance();
-		SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
-
-		Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
-
-		// Position der zu prüfenden Signatur im Dokument angeben
-		// (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
-		// der damit bezeichnete Namenraum mitgegeben werden)
-		HashMap nSMap = new HashMap();
-		nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
-		VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
-
-		// Zu prüfendes Dokument und Signaturposition zusammenfassen
-
-		VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
-
-		// Prüfrequest zusammenstellen
-		VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
-																								// angegeben, wird
-																								// aktuelle Zeit
-																								// verwendet
-				sigInfo, null, // Keine Ergänzungsobjekte notwendig
-				null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
-				false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
-				"MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
-		// "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
-
-		VerifyXMLSignatureResponse verifyResponse = null;
-		try {
-			// Aufruf der Signaturprüfung
-			verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
-		} catch (MOAException e) {
-			// Service liefert Fehler
-			System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
-			System.err.println("Fehlercode: " + e.getMessageId());
-			System.err.println("Fehlernachricht: " + e.getMessage());
-			throw e;
-		}
-
-		return verifyResponse;
-	}
-
-	at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
-			VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
-		at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
-		response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
-		response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
-		// response.setPublicAuthorityCode(publicAuthorityCode)
-		response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
-		response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
-		response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
-		// response.setSigningDateTime()
-		// response.setX509certificate(x509certificate)
-		response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
-		// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
-		// response.setXmlDsigSubjectName(xmlDsigSubjectName)
-		return response;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
deleted file mode 100644
index 3894567ed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/CreateStorkAuthRequestFormTask.java
+++ /dev/null
@@ -1,114 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks.stork;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-/**
- * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
- * In detail:
- * <ul>
- * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
- * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
- * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
- * <ul>
- * <li>Creates and signs a SAML2 stork authentication request.</li>
- * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
- * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
- * <li>Writes the form to the response output stream.</li>
- * </ul>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>Property {@code ccc} set within the moa session.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
- * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
- * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
- * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
- * </ul>
- * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
- * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
-
-	/**
-	 * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
-	 */
-	public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		String pendingRequestID = null;
-		String sessionID = null;
-		try {
-			setNoCachingHeaders(resp);
-
-			sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
-			}
-			AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
-			if (StringUtils.isEmpty(moasession.getCcc())) {
-				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { sessionID });
-			}
-			STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-			if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
-				throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
-			}
-
-			// STORK authentication
-			// cpeps cannot be null
-			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
-			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
-
-			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
-			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
-			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
deleted file mode 100644
index 738988ff7..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleLocalSignResponseTask.java
+++ /dev/null
@@ -1,218 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks.stork;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-
-/**
- * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
- * <p/>
- * In detail:
- * <ul>
- * <li>Changes moa session id.</li>
- * <li>Decodes and validates the sign response, extracting the citizen's signature.</li>
- * <li>Verifies the citizen's signature.</li>
- * <li>Create {@code signedDoc} attribute.</li>
- * <li>Retrieve identity link from SZR gateway using the citizen's signature.</li>
- * <li>If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link.
- * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the
- * {@code /PepsConnectorWithLocalSigning} servlet (this task).</li>
- * <li>The moa session is updated with authentication information.</li>
- * <li>Change moa session id.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code moaSessionID}</li>
- * <li>HttpServletRequest parameter {@code signresponse}</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa id session (signed auth block, signer certificate etc.)</li>
- * <li>Redirect to {@code /dispatcher}.</li>
- * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case the szr gateway throws exception due to missing gender information:
- * <ul>
- * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-
-		if (moaSessionID != null && signResponse != null) {
-			// redirect from oasis with signresponse
-			handleSignResponse(executionContext, request, response);
-		} else {
-			// should not occur
-			throw new IOException("should not occur");
-		}
-		return;
-	}
-
-	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
-		Logger.info("handleSignResponse started");
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-		String pendingRequestID = null;
-		try {
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-			Logger.info("pendingRequestID:" + pendingRequestID);
-			String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
-			Logger.info("RECEIVED signresponse:" + signResponseString);
-			// create SignResponse object
-			Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
-			SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
-
-			// SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
-			// java.io.StringReader(Base64.signResponse)));
-
-			String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
-
-			// memorize signature into authblock
-			moaSession.setAuthBlock(citizenSignature);
-
-			X509Certificate cert = getSignerCertificate(citizenSignature);
-			moaSession.setSignerCertificate(cert);
-			VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
-			at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
-
-			moaSession.setXMLVerifySignatureResponse(tmp);
-			executionContext.put("identityLinkAvailable", false);
-			try {
-				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
-				// Add SignResponse TODO Add signature (extracted from signResponse)?
-				List<String> values = new ArrayList<String>();
-				values.add(signResponseString);
-				// values.add(citizenSignature);
-				Logger.debug("Assembling signedDoc attribute");
-				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
-				personalAttributeList.add(signedDocAttribute);
-
-				String authnContextClassRef = moaSession.getAuthnContextClassRef();
-				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
-				executionContext.put("identityLinkAvailable", true);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
-			moaSession.setForeigner(true);
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			response.sendRedirect(redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
deleted file mode 100644
index 31bc28f5a..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ /dev/null
@@ -1,441 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks.stork;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Validates the SAML response from C-PEPS.
- * <p/>
- * In detail:
- * <ul>
- * <li>Decodes and validates SAML response from C-PEPS.</li>
- * <li>Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.</li>
- * <li>Store saml response in moa session.</li>
- * <li>Change moa session id.</li>
- * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code moaSessionID} <strong>to be {@code null}</strong></li>
- * <li>HttpServletRequest parameter {@code signresponse} <strong>to be {@code null}</strong></li>
- * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
- * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa session (with saml response).</li>
- * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask {
-
-	private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";
-	// load from config below
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-
-		if (moaSessionID == null && signResponse == null) {
-			// normal saml response
-			handleSAMLResponse(executionContext, request, response);
-
-		} else {
-			// should not occur
-			throw new IOException("should not occur");
-		}
-		return;
-	}
-
-	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
-		Logger.info("handleSAMLResponse started");
-		String pendingRequestID = null;
-
-		setNoCachingHeaders(response);
-		try {
-			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
-			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
-
-			Logger.trace("No Caching headers set for HTTP response");
-
-			// check if https or only http
-			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
-
-			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
-
-			// extract STORK Response from HTTP Request
-			// Decodes SAML Response
-			byte[] decSamlToken;
-			try {
-				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
-				Logger.debug("SAMLResponse: " + new String(decSamlToken));
-
-			} catch (NullPointerException e) {
-				Logger.error("Unable to retrieve STORK Response", e);
-				throw new MOAIDException("stork.04", null);
-			}
-
-			// Get SAMLEngine instance
-			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
-
-			STORKAuthnResponse authnResponse = null;
-			try {
-				// validate SAML Token
-				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
-				Logger.info("SAML response succesfully verified!");
-			} catch (STORKSAMLEngineException e) {
-				Logger.error("Failed to verify STORK SAML Response", e);
-				throw new MOAIDException("stork.05", null);
-			}
-
-			Logger.info("STORK SAML Response message succesfully extracted");
-			Logger.debug("STORK response: ");
-			Logger.debug(authnResponse.toString());
-
-			Logger.debug("Trying to find MOA Session-ID ...");
-			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
-			// first use SAML2 relayState
-			String moaSessionID = request.getParameter("RelayState");
-
-			// escape parameter strings
-			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-			// check if SAML2 relaystate includes a MOA sessionID
-			if (StringUtils.isEmpty(moaSessionID)) {
-				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
-
-				moaSessionID = authnResponse.getInResponseTo();
-				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-				if (StringUtils.isEmpty(moaSessionID)) {
-					// No authentication session has been started before
-					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
-					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
-					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
-
-				} else
-					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
-
-			} else
-				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
-				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
-
-			/*
-			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
-			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
-			 */
-			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
-			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Found MOA sessionID: " + moaSessionID);
-
-			String statusCodeValue = authnResponse.getStatusCode();
-
-			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
-				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
-				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
-			}
-
-			Logger.info("Got SAML response with authentication success message.");
-
-			Logger.debug("MOA session is still valid");
-
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
-
-			if (storkAuthnRequest == null) {
-				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-				throw new MOAIDException("stork.07", null);
-			}
-
-			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
-			// //////////// incorporate gender from parameters if not in stork response
-
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
-
-			// but first, check if we have a representation case
-			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
-					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
-					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
-				// in a representation case...
-				moaSession.setUseMandate("true");
-
-				// and check if we have the gender value
-				PersonalAttribute gender = attributeList.get("gender");
-				if (null == gender) {
-					String gendervalue = (String) request.getParameter("gender");
-					if (null != gendervalue) {
-						gender = new PersonalAttribute();
-						gender.setName("gender");
-						ArrayList<String> tmp = new ArrayList<String>();
-						tmp.add(gendervalue);
-						gender.setValue(tmp);
-
-						authnResponse.getPersonalAttributeList().add(gender);
-					}
-				}
-			}
-
-			
-			
-			// ////////////////////////////////////////////////////////////////////////
-
-			Logger.debug("Starting extraction of signedDoc attribute");
-			// extract signed doc element and citizen signature
-			String citizenSignature = null;
-			try {
-				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
-				String signatureInfo = null;
-				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
-				if (signedDoc != null) {
-					signatureInfo = signedDoc.getValue().get(0);
-					// should not occur
-				} else {
-
-					// store SAMLResponse
-					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
-					// store authnResponse
-
-					// moaSession.setAuthnResponse(authnResponse);//not serializable
-					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
-
-					String authnContextClassRef = null;
-					try {
-						authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
-								.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
-					} catch (Throwable e) {
-						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-					}
-
-					moaSession.setAuthnContextClassRef(authnContextClassRef);
-					moaSession.setReturnURL(request.getRequestURL());
-
-					// load signedDoc
-					String signRequest = moaSession.getSignedDoc();
-
-					// session is implicit stored in changeSessionID!!!!
-					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
-					// signRequest
-
-					String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-					String acsURL = issuerValue
-							+ PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
-
-					String url = acsURL + "?moaSessionID=" + newMOASessionID;
-					// redirect to OASIS module and sign there
-
-					boolean found = false;
-					try {
-						List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
-								.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
-						Logger.info("Found AttributeProviderPlugins:" + aps.size());
-						for (AttributeProviderPlugin ap : aps) {
-							Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
-							if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
-								// FIXME: A servlet's class field is not thread safe!!!
-								oasisDssWebFormURL = ap.getUrl();
-								found = true;
-								Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL);
-								break;
-							}
-						}
-					} catch (Exception e) {
-						e.printStackTrace();
-						Logger.error("Loading the signedDoc attribute provider url from config failed");
-					}
-					if (!found) {
-						Logger.error("Failed to load the signedDoc attribute provider url from config");
-					}
-					performRedirect(url, request, response, signRequest);
-
-					return;
-				}
-				
-				// FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here?
-				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
-						new java.io.StringReader(signatureInfo)));
-
-				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
-
-				// memorize signature into authblock
-				moaSession.setAuthBlock(citizenSignature);
-
-				X509Certificate cert = getSignerCertificate(citizenSignature);
-				moaSession.setSignerCertificate(cert);
-				moaSession.setForeigner(true);
-
-			} catch (Throwable e) {
-				Logger.error("Could not extract citizen signature from C-PEPS", e);
-				throw new MOAIDException("stork.09", null);
-			}
-
-			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
-			try {
-				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
-						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
-						.getAuthnContextClassRef(), citizenSignature);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			response.setContentType("text/html");
-			response.setStatus(302);
-			response.addHeader("Location", redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-
-	}
-
-	private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
-			throws MOAIDException {
-
-		try {
-			Logger.trace("Initialize VelocityEngine...");
-
-			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
-			VelocityContext context = new VelocityContext();
-
-			Logger.debug("performRedirect, signrequest:" + signRequestString);
-			Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
-			SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
-			signRequest.setReturnURL("TODO");
-			signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
-			context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
-			context.put("clienturl", url);
-			context.put("action", oasisDssWebFormURL);
-
-			StringWriter writer = new StringWriter();
-			template.merge(context, writer);
-
-			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-		} catch (Exception e) {
-			Logger.error("Error sending DSS signrequest.", e);
-			throw new MOAIDException("stork.11", null);
-		}
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
deleted file mode 100644
index 0e4e2a0f7..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/tasks/stork/PepsConnectorTask.java
+++ /dev/null
@@ -1,567 +0,0 @@
-package at.gv.egovernment.moa.id.auth.tasks.stork;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-
-import javax.activation.DataSource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import javax.xml.ws.soap.SOAPBinding;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-import eu.stork.documentservice.DocumentService;
-import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.DocumentWithSignature;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.auth.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-
-/**
- * Evaluates the SAML response from the C-PEPS and authenticates the user.
- * <p/>
- * In detail:
- * <ul>
- * <li>Decodes and validates the SAML response from the C-PEPS.</li>
- * <li>Change moa session id.</li>
- * <li>Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.</li>
- * <li>Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.</li>
- * <li>Request SZR gateway for verification of the citizen's signature and for creating of an identity link.</li>
- * <li>In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).</li>
- * <li>The moa session is updated with authentication information.</li>
- * <li>Change moa session id.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
- * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)</li>
- * <li>HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form</li>
- * <li>{@code signedDoc} attribute within the SAML response.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa id session (identity link, stork attributes...)</li>
- * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
- * <li>Redirect to {@code /dispatcher}.</li> 
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case the szr gateway throws exception due to missing gender information:
- * <ul>
- * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorTask extends AbstractAuthServletTask {
-
-	private String dtlUrl = null;
-
-	public PepsConnectorTask() {
-		super();
-		Properties props = new Properties();
-		try {
-			props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
-			dtlUrl = props.getProperty("docservice.url");
-		} catch (IOException e) {
-			dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
-			Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
-			e.printStackTrace();
-		}
-	}
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String pendingRequestID = null;
-
-		setNoCachingHeaders(response);
-
-		try {
-
-			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
-			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
-
-			// check if https or only http
-			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
-
-			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
-
-			// extract STORK Response from HTTP Request
-			// Decodes SAML Response
-			byte[] decSamlToken;
-			try {
-				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
-				Logger.debug("SAMLResponse: " + new String(decSamlToken));
-
-			} catch (NullPointerException e) {
-				Logger.error("Unable to retrieve STORK Response", e);
-				throw new MOAIDException("stork.04", null);
-			}
-
-			// Get SAMLEngine instance
-			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
-
-			STORKAuthnResponse authnResponse = null;
-			try {
-				// validate SAML Token
-				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
-				Logger.info("SAML response succesfully verified!");
-			} catch (STORKSAMLEngineException e) {
-				Logger.error("Failed to verify STORK SAML Response", e);
-				throw new MOAIDException("stork.05", null);
-			}
-
-			Logger.info("STORK SAML Response message succesfully extracted");
-			Logger.debug("STORK response: ");
-			Logger.debug(authnResponse.toString());
-
-			Logger.debug("Trying to find MOA Session-ID ...");
-			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
-			// first use SAML2 relayState
-			String moaSessionID = request.getParameter("RelayState");
-
-			// escape parameter strings
-			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-			// check if SAML2 relaystate includes a MOA sessionID
-			if (StringUtils.isEmpty(moaSessionID)) {
-				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
-
-				moaSessionID = authnResponse.getInResponseTo();
-				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-				if (StringUtils.isEmpty(moaSessionID)) {
-					// No authentication session has been started before
-					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
-					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
-					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
-
-				} else
-					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
-
-			} else
-				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
-				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
-
-			/*
-			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
-			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
-			 */
-			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
-			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Found MOA sessionID: " + moaSessionID);
-
-			String statusCodeValue = authnResponse.getStatusCode();
-
-			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
-				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
-				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
-			}
-
-			Logger.info("Got SAML response with authentication success message.");
-
-			Logger.debug("MOA session is still valid");
-
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
-
-			if (storkAuthnRequest == null) {
-				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-				throw new MOAIDException("stork.07", null);
-			}
-
-			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
-			// //////////// incorporate gender from parameters if not in stork response
-
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
-
-			// but first, check if we have a representation case
-			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
-					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
-					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
-				// in a representation case...
-				moaSession.setUseMandate("true");
-
-				// and check if we have the gender value
-				PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if
-																		// there is no representation case?
-				if (null == gender) {
-					String gendervalue = (String) request.getParameter("gender");
-					if (null != gendervalue) {
-						gender = new PersonalAttribute();
-						gender.setName("gender");
-						ArrayList<String> tmp = new ArrayList<String>();
-						tmp.add(gendervalue);
-						gender.setValue(tmp);
-
-						authnResponse.getPersonalAttributeList().add(gender);
-					}
-				}
-			}
-
-			// ////////////////////////////////////////////////////////////////////////
-
-			Logger.debug("Starting extraction of signedDoc attribute");
-			// extract signed doc element and citizen signature
-			String citizenSignature = null;
-			try {
-				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
-
-				Logger.debug("signatureInfo:" + signatureInfo);
-
-				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
-						new java.io.StringReader(signatureInfo)));
-
-				// fetch signed doc
-				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
-				if (ds == null) {
-					throw new ApiUtilsException("No datasource found in response");
-				}
-
-				InputStream incoming = ds.getInputStream();
-				citizenSignature = IOUtils.toString(incoming);
-				incoming.close();
-
-				Logger.debug("citizenSignature:" + citizenSignature);
-				if (isDocumentServiceUsed(citizenSignature) == true) {
-					Logger.debug("Loading document from DocumentService.");
-					String url = getDtlUrlFromResponse(dssSignResponse);
-					// get Transferrequest
-					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
-					// Load document from DocujmentService
-					byte[] data = getDocumentFromDtl(transferRequest, url);
-					citizenSignature = new String(data, "UTF-8");
-					Logger.debug("Overridung citizenSignature with:" + citizenSignature);
-				}
-
-				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
-				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
-						IOUtils.toInputStream(citizenSignature))).getValue();
-
-				// memorize signature into authblock
-				moaSession.setAuthBlock(citizenSignature);
-
-				// extract certificate
-				for (Object current : root.getKeyInfo().getContent())
-					if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
-						for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
-								.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
-							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
-							if (casted.getName().getLocalPart().equals("X509Certificate")) {
-								moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue())
-										.getBytes("UTF-8")));
-								break;
-							}
-						}
-					}
-
-			} catch (Throwable e) {
-				Logger.error("Could not extract citizen signature from C-PEPS", e);
-				throw new MOAIDException("stork.09", null);
-			}
-			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
-			Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
-			Logger.debug("fetching OAParameters from database");
-
-			// //read configuration paramters of OA
-			// AuthenticationSession moasession;
-			// try {
-			// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
-			// } catch (MOADatabaseException e2) {
-			// Logger.error("could not retrieve moa session");
-			// throw new AuthenticationException("auth.01", null);
-			// }
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-					moaSession.getPublicOAURLPrefix());
-			if (oaParam == null)
-				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
-			// retrieve target
-			// TODO: check in case of SSO!!!
-			String targetType = null;
-			if (oaParam.getBusinessService()) {
-				String id = oaParam.getIdentityLinkDomainIdentifier();
-				if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-					targetType = id;
-				else
-					targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
-			} else {
-				targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-			}
-
-			Logger.debug("Starting connecting SZR Gateway");
-			// contact SZR Gateway
-			IdentityLink identityLink = null;
-			executionContext.put("identityLinkAvailable", false);
-			try {
-				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
-						oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-			Logger.debug("SZR communication was successfull");
-
-			if (identityLink == null) {
-				Logger.error("SZR Gateway did not return an identity link.");
-				throw new MOAIDException("stork.10", null);
-			}
-			moaSession.setForeigner(true);
-
-			Logger.info("Received Identity Link from SZR Gateway");
-			executionContext.put("identityLinkAvailable", true);
-			moaSession.setIdentityLink(identityLink);
-
-			Logger.debug("Adding addtional STORK attributes to MOA session");
-			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
-
-			// We don't have BKUURL, setting from null to "Not applicable"
-			moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
-			// free for single use
-			moaSession.setAuthenticatedUsed(false);
-
-			// stork did the authentication step
-			moaSession.setAuthenticated(true);
-
-			// TODO: found better solution, but QAA Level in response could be not supported yet
-			try {
-
-				moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
-						.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
-
-			} catch (Throwable e) {
-				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
-			}
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			// response.setContentType("text/html");
-			// response.setStatus(302);
-			// response.addHeader("Location", redirectURL);
-			response.sendRedirect(redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-
-	}
-
-	private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check
-	{
-		if (citizenSignature
-				.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
-			return true;
-		return false;
-	}
-
-	/**
-	 * Get DTL uril from the oasis sign response
-	 * 
-	 * @param signRequest
-	 *            The signature response
-	 * @return The URL of DTL service
-	 * @throws SimpleException
-	 */
-	private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
-		List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
-				ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
-		DocumentType sourceDocument = documents.get(0).getDocument();
-
-		if (sourceDocument.getDocumentURL() != null)
-			return sourceDocument.getDocumentURL();
-		else
-			return null;// throw new Exception("No document url found");
-	}
-
-	// From DTLPEPSUTIL
-
-	/**
-	 * Get document from DTL
-	 * 
-	 * @param transferRequest
-	 *            The transfer request (attribute query)
-	 * @param eDtlUrl
-	 *            The DTL url of external DTL
-	 * @return the document data
-	 * @throws SimpleException
-	 */
-	private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception {
-		URL url = null;
-		try {
-			url = new URL(dtlUrl);
-			QName qname = new QName("http://stork.eu", "DocumentService");
-
-			Service service = Service.create(url, qname);
-			DocumentService docservice = service.getPort(DocumentService.class);
-
-			BindingProvider bp = (BindingProvider) docservice;
-			SOAPBinding binding = (SOAPBinding) bp.getBinding();
-			binding.setMTOMEnabled(true);
-
-			if (eDtlUrl.equalsIgnoreCase(dtlUrl))
-				return docservice.getDocument(transferRequest, "");
-			else
-				return docservice.getDocument(transferRequest, eDtlUrl);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new Exception("Error in getDocumentFromDtl", e);
-		}
-	}
-
-	/**
-	 * Get a document transfer request (attribute query)
-	 * 
-	 * @param docId
-	 * @return
-	 * @throws SimpleException
-	 */
-	private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
-		String spCountry = docId.substring(0, docId.indexOf("/"));
-		final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-		STORKAttrQueryRequest req = new STORKAttrQueryRequest();
-		req.setAssertionConsumerServiceURL(dtlUrl);
-		req.setDestination(destinationUrl);
-		req.setSpCountry(spCountry);
-		req.setQaa(3);// TODO
-		PersonalAttributeList pal = new PersonalAttributeList();
-		PersonalAttribute attr = new PersonalAttribute();
-		attr.setName("docRequest");
-		attr.setIsRequired(true);
-		attr.setValue(Arrays.asList(docId));
-		pal.add(attr);
-		req.setPersonalAttributeList(pal);
-
-		STORKAttrQueryRequest req1;
-		try {
-			req1 = engine.generateSTORKAttrQueryRequest(req);
-			return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
-		} catch (STORKSAMLEngineException e) {
-			e.printStackTrace();
-			throw new Exception("Error in doc request attribute query generation", e);
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
deleted file mode 100644
index cbe5c5932..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModuleImpl.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package at.gv.egovernment.moa.id.moduls.moduleregistration;
-
-import com.datentechnik.process_engine.api.ExecutionContext;
-
-public class AuthModuleImpl implements AuthModule {
-
-	@Override
-	public int getPriority() {
-		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
-		return 0;
-	}
-
-	@Override
-	public String selectProcess(ExecutionContext context) {
-		return context.get("ccc") == null ? "DefaultAuthentication" : null;
-	}
-
-	@Override
-	public String[] getProcessDefinitions() {
-		return new String[] { "DefaultAuthentication" };
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
index b90e0d94f..35fbce053 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
@@ -32,13 +32,13 @@ public class ModuleRegistration {
 
 	private static ModuleRegistration instance = new ModuleRegistration();
 
-	private List<AuthModule> orderedModules = new ArrayList<>();
+	private List<AuthModule> priorizedModules = new ArrayList<>();
 
 	@Autowired
 	private ApplicationContext ctx;
 
 	@Autowired
-	ProcessEngine processEngine;
+	private ProcessEngine processEngine;
 
 	private Logger log = LoggerFactory.getLogger(getClass());
 
@@ -58,20 +58,21 @@ public class ModuleRegistration {
 		initSpringModules();
 
 		// order modules according to their priority
-		orderModules();
+		priorizeModules();
 	}
 
 	/**
 	 * Discovers modules which use the ServiceLoader mechanism.
 	 */
 	private void initServiceLoaderModules() {
-		log.debug("Discovering modules which use the ServiceLoader mechanism.");
+		log.info("Looking for auth modules.");
 		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
 		Iterator<AuthModule> modules = loader.iterator();
 		while (modules.hasNext()) {
 			AuthModule module = modules.next();
+			log.info("Detected module {}", module.getClass().getName());
 			registerResourceUris(module);
-			orderedModules.add(module);
+			priorizedModules.add(module);
 		}
 	}
 
@@ -83,7 +84,7 @@ public class ModuleRegistration {
 		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
 		for (AuthModule module : modules.values()) {
 			registerResourceUris(module);
-			orderedModules.add(module);
+			priorizedModules.add(module);
 		}
 	}
 
@@ -96,17 +97,17 @@ public class ModuleRegistration {
 	private void registerResourceUris(AuthModule module) {
 		for (String uri : module.getProcessDefinitions()) {
 			Resource resource = ctx.getResource(uri);
-			if (resource.exists()) {
-				log.debug("Registering process definition resource uri: '{}'.", resource);
+			if (resource.isReadable()) {
+				log.info("Registering process definition resource: '{}'.", resource);
 				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
 					processEngine.registerProcessDefinition(processDefinitionInputStream);
 				} catch (IOException e) {
-					log.info("Resource uri: '{}' could NOT be read.", resource);
+					log.error("Resource uri: '{}' could NOT be read.", uri, e);
 				} catch (ProcessDefinitionParserException e) {
-					log.warn("Error while parsing process definition in '{}'", resource);
+					log.error("Error while parsing process definition in '{}'", uri, e);
 				}
 			} else {
-				log.info("Resource uri: '{}' does NOT exist.", resource);
+				log.error("Resource uri: '{}' cannot be read.", uri);
 			}
 		}
 	}
@@ -114,8 +115,8 @@ public class ModuleRegistration {
 	/**
 	 * Order the modules in descending order according to their priority.
 	 */
-	private void orderModules() {
-		Collections.sort(orderedModules, new Comparator<AuthModule>() {
+	private void priorizeModules() {
+		Collections.sort(priorizedModules, new Comparator<AuthModule>() {
 			@Override
 			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
 				int thisOrder = thisAuthModule.getPriority();
@@ -135,7 +136,7 @@ public class ModuleRegistration {
 	 * @return the process id or {@code null}
 	 */
 	public String selectProcess(ExecutionContext context) {
-		for (AuthModule module : orderedModules) {
+		for (AuthModule module : priorizedModules) {
 			String id = module.selectProcess(context);
 			if (StringUtils.isNotEmpty(id)) {
 				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
new file mode 100644
index 000000000..03cb2c631
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
@@ -0,0 +1,3 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
+at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
deleted file mode 100644
index 0d7e98006..000000000
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.modulregistration.AuthModule
+++ /dev/null
@@ -1,2 +0,0 @@
-# The default moaid process
-at.gv.egovernment.moa.id.moduls.modulregistration.AuthModuleImpl
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
new file mode 100644
index 000000000..f58fd3c02
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--
+	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+	<pd:Task id="createIdentityLinkForm"    class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CreateIdentityLinkFormTask" />
+	<pd:Task id="verifyIdentityLink"        class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyIdentityLinkTask"        async="true" />
+	<pd:Task id="verifyAuthBlock"           class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyAuthenticationBlockTask" async="true" />
+	<pd:Task id="verifyCertificate"         class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.VerifyCertificateTask"         async="true" />
+	<pd:Task id="getMISSessionID"           class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetMISSessionIDTask"           async="true" />
+	<pd:Task id="certificateReadRequest"    class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.CertificateReadRequestTask" />
+	<pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.PrepareAuthBlockSignatureTask" />
+	<pd:Task id="getForeignID"              class="at.gv.egovernment.moa.id.auth.modules.internal.tasks.GetForeignIDTask"              async="true" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start"                     to="createIdentityLinkForm" />
+	
+	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
+	
+	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
+	
+	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+	
+	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
+	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+	
+	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyCertificate"         to="getForeignID" />
+	
+	<pd:Transition from="verifyAuthBlock"           to="getMISSessionID" conditionExpression="ctx['useMandate']" />
+	<pd:Transition from="verifyAuthBlock"           to="end" />
+	
+	<pd:Transition from="getMISSessionID"           to="end" />
+	<pd:Transition from="getForeignID"              to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
new file mode 100644
index 000000000..04fc476fe
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+
+<!--at.gv.egovernment.moa.id.auth.modules.stork.tasks.AbstractPepsConnectorWithLocalSigningTask
+	- STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.CreateStorkAuthRequestFormTask" />
+	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask"                               async="true" />
+	<pd:Task id="pepsConnectorWithoutSignature"   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
+	<pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleLocalSignResponseTask"        async="true" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start" to="createStorkAuthRequestForm" />
+	
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
+	
+	<pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnector" to="end" />
+	
+	<pd:Transition from="pepsConnectorWithoutSignature"   to="pepsConnectorWithLocalSignature" />
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
deleted file mode 100644
index b7d0d0f8b..000000000
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
-
-<!--
-	- National authentication with Austrian Citizen Card and mobile signature with our without mandate.
-	- Legacy authentication for foreign citizens using MOCCA supported signature cards.
--->
-	<pd:Task id="createIdentityLinkForm"    class="at.gv.egovernment.moa.id.auth.tasks.CreateIdentityLinkFormTask" />
-	<pd:Task id="verifyIdentityLink"        class="at.gv.egovernment.moa.id.auth.tasks.VerifyIdentityLinkTask"        async="true" />
-	<pd:Task id="verifyAuthBlock"           class="at.gv.egovernment.moa.id.auth.tasks.VerifyAuthenticationBlockTask" async="true" />
-	<pd:Task id="verifyCertificate"         class="at.gv.egovernment.moa.id.auth.tasks.VerifyCertificateTask"         async="true" />
-	<pd:Task id="getMISSessionID"           class="at.gv.egovernment.moa.id.auth.tasks.GetMISSessionIDTask"           async="true" />
-	<pd:Task id="certificateReadRequest"    class="at.gv.egovernment.moa.id.auth.tasks.CertificateReadRequestTask" />
-	<pd:Task id="prepareAuthBlockSignature" class="at.gv.egovernment.moa.id.auth.tasks.PrepareAuthBlockSignatureTask" />
-	<pd:Task id="getForeignID"              class="at.gv.egovernment.moa.id.auth.tasks.GetForeignIDTask"              async="true" />
-
-	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
-	<pd:StartEvent id="start" />
-	
-	<pd:Transition from="start"                     to="createIdentityLinkForm" />
-	
-	<pd:Transition from="createIdentityLinkForm"    to="verifyIdentityLink" />
-	
-	<pd:Transition from="verifyIdentityLink"        to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
-	<pd:Transition from="verifyIdentityLink"        to="prepareAuthBlockSignature" />
-	
-	<pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
-	<!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
-	
-	<pd:Transition from="certificateReadRequest"    to="verifyCertificate" />
-	<!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
-	
-	<pd:Transition from="verifyCertificate"         to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyCertificate"         to="getForeignID" />
-	
-	<pd:Transition from="verifyAuthBlock"           to="getMISSessionID" conditionExpression="ctx['useMandate']" />
-	<pd:Transition from="verifyAuthBlock"           to="end" />
-	
-	<pd:Transition from="getMISSessionID"           to="end" />
-	<pd:Transition from="getForeignID"              to="end" />
-	
-	<pd:EndEvent id="end" />
-
-</pd:ProcessDefinition>
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml
deleted file mode 100644
index 592603457..000000000
--- a/id/server/idserverlib/src/main/resources/resources/processes/STORKAuthentication.process.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
-
-<!--
-	- STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
--->
-	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.tasks.stork.CreateStorkAuthRequestFormTask" />
-	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorTask"                               async="true" />
-	<pd:Task id="pepsConnectorWithoutSignature"   class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
-	<pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.tasks.stork.PepsConnectorHandleLocalSignResponseTask"        async="true" />
-
-	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
-	<pd:StartEvent id="start" />
-	
-	<pd:Transition from="start" to="createStorkAuthRequestForm" />
-	
-	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
-	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
-	
-	<pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
-	<pd:Transition from="pepsConnector" to="end" />
-	
-	<pd:Transition from="pepsConnectorWithoutSignature"   to="pepsConnectorWithLocalSignature" />
-	<pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
-	<pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
-	
-	<pd:EndEvent id="end" />
-
-</pd:ProcessDefinition>
-- 
cgit v1.2.3


From c6f543e06c02c0a2635eac2e9b99c2554e6e27bd Mon Sep 17 00:00:00 2001
From: Christian Wagner <c.wagner@datentechnik-innovation.com>
Date: Thu, 29 Jan 2015 14:39:11 +0100
Subject: integrate process engine from project 'dti-process-engine'

  - fix unit tests
  - correct namespaces
  - refactor package name
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |   2 +-
 .../moa/id/process/ProcessDefinitionParser.java    |   2 +-
 .../moa/id/process/ProcessDefinition.xsd           |   4 +-
 .../processes/DefaultAuthentication.process.xml    |   2 +-
 .../test/BooleanStringExpressionEvaluator.java     |  24 ----
 .../process/process_engine/test/HalloWeltTask.java |  19 ---
 .../process_engine/test/HelloWorldTask.java        |  19 ---
 .../test/ProcessDefinitionParserTest.java          | 137 ---------------------
 .../process_engine/test/ProcessEngineTest.java     |  67 ----------
 .../SpringExpressionAwareProcessEngineTest.java    |  25 +++-
 .../test/BooleanStringExpressionEvaluator.java     |  24 ++++
 .../moa/id/process/test/HalloWeltTask.java         |  19 +++
 .../moa/id/process/test/HelloWorldTask.java        |  19 +++
 .../process/test/ProcessDefinitionParserTest.java  | 137 +++++++++++++++++++++
 .../moa/id/process/test/ProcessEngineTest.java     |  67 ++++++++++
 ...nvalidProcessDefinition_MultipleStartEvents.xml |  22 ----
 .../InvalidProcessDefinition_NoStartEvents.xml     |  16 ---
 .../InvalidProcessDefinition_TransitionLoop.xml    |  21 ----
 ...dProcessDefinition_TransitionRefsTransition.xml |  19 ---
 ...cessDefinition_TransitionStartsFromEndEvent.xml |  19 ---
 .../test/SampleProcessDefinition1.xml              |  18 ---
 .../test/SampleProcessDefinition2.xml              |  21 ----
 ...mpleProcessDefinitionForSAML1Authentication.xml |  14 +--
 .../SampleProcessDefinitionWithExpression1.xml     |   2 +-
 ...ingExpressionAwareProcessEngineTest-context.xml |  10 +-
 .../test/SpringExpressionEvaluatorTest-context.xml |   4 +-
 ...nvalidProcessDefinition_MultipleStartEvents.xml |  22 ++++
 .../InvalidProcessDefinition_NoStartEvents.xml     |  16 +++
 .../InvalidProcessDefinition_TransitionLoop.xml    |  21 ++++
 ...dProcessDefinition_TransitionRefsTransition.xml |  19 +++
 ...cessDefinition_TransitionStartsFromEndEvent.xml |  19 +++
 .../id/process/test/SampleProcessDefinition1.xml   |  18 +++
 .../id/process/test/SampleProcessDefinition2.xml   |  21 ++++
 33 files changed, 445 insertions(+), 424 deletions(-)
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/BooleanStringExpressionEvaluator.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HalloWeltTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HelloWorldTask.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessDefinitionParserTest.java
 delete mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessEngineTest.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
 create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_MultipleStartEvents.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_NoStartEvents.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionLoop.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionRefsTransition.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition1.xml
 delete mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition2.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_NoStartEvents.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionLoop.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition1.xml
 create mode 100644 id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition2.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index ce8fe8971..a251064f6 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -11,7 +11,7 @@
 
 	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
-			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+			<bean class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
 	<!--
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
index 6b245f013..162ee624a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessDefinitionParser.java
@@ -43,7 +43,7 @@ import at.gv.egovernment.moa.id.process.model.Transition;
  */
 public class ProcessDefinitionParser {
 	
-	private static final String NS = "http://www.datentechnik.com/process-engine/processdefinition/v1";
+	private static final String NS = "http://reference.e-government.gv.at/namespace/moa/process/definition/v1";
 	
 	private static Logger log = LoggerFactory.getLogger(ProcessDefinitionParser.class);
 
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
index 42db4f807..d6ab7ae46 100644
--- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-	targetNamespace="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
+	targetNamespace="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
 	elementFormDefault="qualified" version="1.0">
 
 	<xsd:element name="ProcessDefinition">
diff --git a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
index 48c9ee56c..35abc1304 100644
--- a/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/resources/processes/DefaultAuthentication.process.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1">
+<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
 <!--
 	- National authentication with Austrian Citizen Card and mobile signature.
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/BooleanStringExpressionEvaluator.java
deleted file mode 100644
index c51f5fe66..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/BooleanStringExpressionEvaluator.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package at.gv.egovernment.moa.id.process.process_engine.test;
-
-import java.util.Objects;
-
-import org.apache.commons.lang3.BooleanUtils;
-
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
-import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
-
-/**
- * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)}
- * for further information.
- * 
- * @author tknall
- * 
- */
-public class BooleanStringExpressionEvaluator implements ExpressionEvaluator {
-
-	@Override
-	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
-		return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null."));
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HalloWeltTask.java
deleted file mode 100644
index 1a8de811b..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HalloWeltTask.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package at.gv.egovernment.moa.id.process.process_engine.test;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hallo World" text to the console.
- * 
- * @author tknall
- * 
- */
-public class HalloWeltTask implements Task {
-
-	@Override
-	public void execute(ExecutionContext executionContext) {
-		System.out.println("Hallo Welt");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HelloWorldTask.java
deleted file mode 100644
index 6ce3091dd..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/HelloWorldTask.java
+++ /dev/null
@@ -1,19 +0,0 @@
-package at.gv.egovernment.moa.id.process.process_engine.test;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Simple task that just outputs a "Hello World" text to the console.
- * 
- * @author tknall
- * 
- */
-public class HelloWorldTask implements Task {
-
-	@Override
-	public void execute(ExecutionContext executionContext) {
-		System.out.println("Hello World");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessDefinitionParserTest.java
deleted file mode 100644
index e20f4bfe8..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessDefinitionParserTest.java
+++ /dev/null
@@ -1,137 +0,0 @@
-package at.gv.egovernment.moa.id.process.process_engine.test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.junit.Test;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.model.EndEvent;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-import at.gv.egovernment.moa.id.process.model.ProcessNode;
-import at.gv.egovernment.moa.id.process.model.StartEvent;
-import at.gv.egovernment.moa.id.process.model.TaskInfo;
-import at.gv.egovernment.moa.id.process.model.Transition;
-
-public class ProcessDefinitionParserTest {
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test(expected = ProcessDefinitionParserException.class)
-	public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) {
-			new ProcessDefinitionParser().parse(in);
-		}
-	}
-	
-	@Test
-	public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException {
-		try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) {
-			
-			ProcessDefinitionParser parser = new ProcessDefinitionParser();
-			ProcessDefinition pd = parser.parse(in);
-			
-			assertNotNull(pd);
-			assertEquals("SampleProcess1", pd.getId());
-			
-			// first assert tasks then transitions
-			// start event
-			StartEvent startEvent = pd.getStartEvent();
-			assertNotNull(startEvent);
-			assertEquals("start", startEvent.getId());
-			assertEquals(startEvent, pd.getProcessNode("start"));
-			// task1
-			ProcessNode processNode = pd.getProcessNode("task1");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task1 = (TaskInfo) processNode;
-			assertEquals("task1", task1.getId());
-			assertFalse(task1.isAsync());
-			// task2 
-			processNode = pd.getProcessNode("task2");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof TaskInfo);
-			TaskInfo task2 = (TaskInfo) processNode;
-			assertEquals("task2", task2.getId());
-			assertTrue(task2.isAsync());
-			// end event
-			processNode = pd.getProcessNode("end");
-			assertNotNull(processNode);
-			assertTrue(processNode instanceof EndEvent);
-			EndEvent endEvent = (EndEvent) processNode;
-			assertEquals("end", endEvent.getId());
-			
-			// assert transitions
-			// start event
-			assertNotNull(startEvent.getIncomingTransitions());
-			assertTrue(startEvent.getIncomingTransitions().isEmpty());
-			assertNotNull(startEvent.getOutgoingTransitions());
-			assertEquals(1, startEvent.getOutgoingTransitions().size());
-			// transition from start to task1
-			Transition startToTask1 = startEvent.getOutgoingTransitions().get(0);
-			assertEquals("fromStart", startToTask1.getId());
-			assertEquals(startEvent, startToTask1.getFrom());
-			assertEquals(task1, startToTask1.getTo());
-			assertEquals("true", startToTask1.getConditionExpression());
-			// task1
-			assertNotNull(task1.getIncomingTransitions());
-			assertEquals(1, task1.getIncomingTransitions().size());
-			assertEquals(startToTask1, task1.getIncomingTransitions().get(0));
-			assertNotNull(task1.getOutgoingTransitions());
-			assertEquals(1, task1.getOutgoingTransitions().size());
-			// transition from task1 to task2
-			Transition task1ToTask2 = task1.getOutgoingTransitions().get(0);
-			assertNull(task1ToTask2.getId());
-			assertEquals(task1, task1ToTask2.getFrom());
-			assertEquals(task2, task1ToTask2.getTo());
-			assertNull(task1ToTask2.getConditionExpression());
-			// task2
-			assertNotNull(task2.getIncomingTransitions());
-			assertEquals(1, task2.getIncomingTransitions().size());
-			assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0));
-			assertNotNull(task2.getOutgoingTransitions());
-			assertEquals(1, task2.getOutgoingTransitions().size());
-			// transition from task2 to end
-			Transition task2ToEnd = task2.getOutgoingTransitions().get(0);
-			assertNull(task2ToEnd.getId());
-			assertEquals(task2, task2ToEnd.getFrom());
-			assertEquals(endEvent, task2ToEnd.getTo());
-			assertNull(task2ToEnd.getConditionExpression());
-			
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessEngineTest.java
deleted file mode 100644
index 04a7a659d..000000000
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/process_engine/test/ProcessEngineTest.java
+++ /dev/null
@@ -1,67 +0,0 @@
-package at.gv.egovernment.moa.id.process.process_engine.test;
-
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.ENDED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
-import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
-import static org.junit.Assert.assertEquals;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
-import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
-
-public class ProcessEngineTest {
-	
-	private static ProcessEngine pe;
-	
-	@BeforeClass
-	public static void init() throws IOException, ProcessDefinitionParserException {
-		ProcessDefinitionParser pdp = new ProcessDefinitionParser();
-		pe = new ProcessEngineImpl();
-		((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator());
-		try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) {
-			((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-		}
-		try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) {
-			((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
-		}
-	}
-	
-	@Test
-	public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-		ProcessInstance pi = pe.createProcessInstance("SampleProcess1");
-		assertEquals(NOT_STARTED, pi.getState());
-		// start process
-		pe.start(pi);
-		assertEquals(SUSPENDED, pi.getState());
-		System.out.println("Do something asynchronously");
-		pe.signal(pi);
-		assertEquals(ENDED, pi.getState());
-	}
-	
-	@Test
-	public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
-		ProcessInstance pi = pe.createProcessInstance("SampleProcess2");
-		assertEquals(NOT_STARTED, pi.getState());
-		// start process
-		pe.start(pi);
-		assertEquals(SUSPENDED, pi.getState());
-		System.out.println("Do something asynchronously");
-		pe.signal(pi);
-		assertEquals(ENDED, pi.getState());
-	}
-	
-	@Test(expected = IllegalArgumentException.class)
-	public void testProcessInstanceDoesNotExist() {
-		pe.getProcessInstance("does not exist");
-	}
-
-}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
index 4022a7a15..8752aa7b8 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest.java
@@ -6,18 +6,22 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
 import java.io.IOException;
+import java.io.InputStream;
 
+import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
 import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
 import at.gv.egovernment.moa.id.process.ProcessInstance;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator;
 
 /**
  * Tests the process engine using processes based on Spring EL referencing the process context and further Spring beans.
@@ -29,12 +33,27 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 @ContextConfiguration
 public class SpringExpressionAwareProcessEngineTest {
 
-	@Autowired
-	private ProcessEngine pe;
+	
+	private static ProcessEngine pe;
 
+	@BeforeClass
+	public static void init() throws IOException, ProcessDefinitionParserException {
+		
+		pe = new ProcessEngineImpl();
+		((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new SpringExpressionEvaluator());
+		try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionWithExpression1.xml")) {
+			((ProcessEngineImpl) pe).registerProcessDefinition(in);
+		}
+		try (InputStream in = SpringExpressionAwareProcessEngineTest.class.getResourceAsStream("SampleProcessDefinitionForSAML1Authentication.xml")) {
+			((ProcessEngineImpl) pe).registerProcessDefinition(in);
+		}
+	}
+	
 	@Test
 	public void testSampleProcessDefinitionWithExpression1() throws IOException, ProcessDefinitionParserException,
 			ProcessExecutionException {
+		
+		
 		ProcessInstance pi = pe.createProcessInstance("SampleProcessWithExpression1");
 		assertEquals(NOT_STARTED, pi.getState());
 		// start process
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
new file mode 100644
index 000000000..20dfc50ef
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/BooleanStringExpressionEvaluator.java
@@ -0,0 +1,24 @@
+package at.gv.egovernment.moa.id.process.test;
+
+import java.util.Objects;
+
+import org.apache.commons.lang3.BooleanUtils;
+
+import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
+import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
+
+/**
+ * Expression evaluator that guesses the boolean value from a String. Refer to {@link BooleanUtils#toBoolean(String)}
+ * for further information.
+ * 
+ * @author tknall
+ * 
+ */
+public class BooleanStringExpressionEvaluator implements ExpressionEvaluator {
+
+	@Override
+	public boolean evaluate(ExpressionEvaluationContext expressionContext, String expression) {
+		return BooleanUtils.toBoolean(Objects.requireNonNull(expression, "Expression must not be null."));
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
new file mode 100644
index 000000000..d05200ee8
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HalloWeltTask.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.process.test;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.process.api.Task;
+
+/**
+ * Simple task that just outputs a "Hallo World" text to the console.
+ * 
+ * @author tknall
+ * 
+ */
+public class HalloWeltTask implements Task {
+
+	@Override
+	public void execute(ExecutionContext executionContext) {
+		System.out.println("Hallo Welt");
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
new file mode 100644
index 000000000..e79bb8198
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/HelloWorldTask.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.process.test;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.process.api.Task;
+
+/**
+ * Simple task that just outputs a "Hello World" text to the console.
+ * 
+ * @author tknall
+ * 
+ */
+public class HelloWorldTask implements Task {
+
+	@Override
+	public void execute(ExecutionContext executionContext) {
+		System.out.println("Hello World");
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
new file mode 100644
index 000000000..df13f064b
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessDefinitionParserTest.java
@@ -0,0 +1,137 @@
+package at.gv.egovernment.moa.id.process.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.junit.Test;
+
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
+import at.gv.egovernment.moa.id.process.model.EndEvent;
+import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
+import at.gv.egovernment.moa.id.process.model.ProcessNode;
+import at.gv.egovernment.moa.id.process.model.StartEvent;
+import at.gv.egovernment.moa.id.process.model.TaskInfo;
+import at.gv.egovernment.moa.id.process.model.Transition;
+
+public class ProcessDefinitionParserTest {
+	
+	@Test(expected = ProcessDefinitionParserException.class)
+	public void testParseInvalidProcessDefinition_MultipleStartEvents() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_MultipleStartEvents.xml")) {
+			new ProcessDefinitionParser().parse(in);
+		}
+	}
+	
+	@Test(expected = ProcessDefinitionParserException.class)
+	public void testParseInvalidProcessDefinition_TransitionLoop() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionLoop.xml")) {
+			new ProcessDefinitionParser().parse(in);
+		}
+	}
+	
+	@Test(expected = ProcessDefinitionParserException.class)
+	public void testParseInvalidProcessDefinition_TransitionStartsFromEndEvent() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionStartsFromEndEvent.xml")) {
+			new ProcessDefinitionParser().parse(in);
+		}
+	}
+	
+	@Test(expected = ProcessDefinitionParserException.class)
+	public void testParseInvalidProcessDefinition_TransitionRefsTransition() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_TransitionRefsTransition.xml")) {
+			new ProcessDefinitionParser().parse(in);
+		}
+	}
+	
+	@Test(expected = ProcessDefinitionParserException.class)
+	public void testParseInvalidProcessDefinition_NoStartEvents() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("InvalidProcessDefinition_NoStartEvents.xml")) {
+			new ProcessDefinitionParser().parse(in);
+		}
+	}
+	
+	@Test
+	public void testParseSampleProcessDefinition() throws IOException, ProcessDefinitionParserException {
+		try (InputStream in = getClass().getResourceAsStream("SampleProcessDefinition1.xml")) {
+			
+			ProcessDefinitionParser parser = new ProcessDefinitionParser();
+			ProcessDefinition pd = parser.parse(in);
+			
+			assertNotNull(pd);
+			assertEquals("SampleProcess1", pd.getId());
+			
+			// first assert tasks then transitions
+			// start event
+			StartEvent startEvent = pd.getStartEvent();
+			assertNotNull(startEvent);
+			assertEquals("start", startEvent.getId());
+			assertEquals(startEvent, pd.getProcessNode("start"));
+			// task1
+			ProcessNode processNode = pd.getProcessNode("task1");
+			assertNotNull(processNode);
+			assertTrue(processNode instanceof TaskInfo);
+			TaskInfo task1 = (TaskInfo) processNode;
+			assertEquals("task1", task1.getId());
+			assertFalse(task1.isAsync());
+			// task2 
+			processNode = pd.getProcessNode("task2");
+			assertNotNull(processNode);
+			assertTrue(processNode instanceof TaskInfo);
+			TaskInfo task2 = (TaskInfo) processNode;
+			assertEquals("task2", task2.getId());
+			assertTrue(task2.isAsync());
+			// end event
+			processNode = pd.getProcessNode("end");
+			assertNotNull(processNode);
+			assertTrue(processNode instanceof EndEvent);
+			EndEvent endEvent = (EndEvent) processNode;
+			assertEquals("end", endEvent.getId());
+			
+			// assert transitions
+			// start event
+			assertNotNull(startEvent.getIncomingTransitions());
+			assertTrue(startEvent.getIncomingTransitions().isEmpty());
+			assertNotNull(startEvent.getOutgoingTransitions());
+			assertEquals(1, startEvent.getOutgoingTransitions().size());
+			// transition from start to task1
+			Transition startToTask1 = startEvent.getOutgoingTransitions().get(0);
+			assertEquals("fromStart", startToTask1.getId());
+			assertEquals(startEvent, startToTask1.getFrom());
+			assertEquals(task1, startToTask1.getTo());
+			assertEquals("true", startToTask1.getConditionExpression());
+			// task1
+			assertNotNull(task1.getIncomingTransitions());
+			assertEquals(1, task1.getIncomingTransitions().size());
+			assertEquals(startToTask1, task1.getIncomingTransitions().get(0));
+			assertNotNull(task1.getOutgoingTransitions());
+			assertEquals(1, task1.getOutgoingTransitions().size());
+			// transition from task1 to task2
+			Transition task1ToTask2 = task1.getOutgoingTransitions().get(0);
+			assertNull(task1ToTask2.getId());
+			assertEquals(task1, task1ToTask2.getFrom());
+			assertEquals(task2, task1ToTask2.getTo());
+			assertNull(task1ToTask2.getConditionExpression());
+			// task2
+			assertNotNull(task2.getIncomingTransitions());
+			assertEquals(1, task2.getIncomingTransitions().size());
+			assertEquals(task1ToTask2, task2.getIncomingTransitions().get(0));
+			assertNotNull(task2.getOutgoingTransitions());
+			assertEquals(1, task2.getOutgoingTransitions().size());
+			// transition from task2 to end
+			Transition task2ToEnd = task2.getOutgoingTransitions().get(0);
+			assertNull(task2ToEnd.getId());
+			assertEquals(task2, task2ToEnd.getFrom());
+			assertEquals(endEvent, task2ToEnd.getTo());
+			assertNull(task2ToEnd.getConditionExpression());
+			
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
new file mode 100644
index 000000000..8c718a9e4
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/test/ProcessEngineTest.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.process.test;
+
+import static at.gv.egovernment.moa.id.process.ProcessInstanceState.ENDED;
+import static at.gv.egovernment.moa.id.process.ProcessInstanceState.NOT_STARTED;
+import static at.gv.egovernment.moa.id.process.ProcessInstanceState.SUSPENDED;
+import static org.junit.Assert.assertEquals;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParser;
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.ProcessEngineImpl;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+import at.gv.egovernment.moa.id.process.ProcessInstance;
+
+public class ProcessEngineTest {
+	
+	private static ProcessEngine pe;
+	
+	@BeforeClass
+	public static void init() throws IOException, ProcessDefinitionParserException {
+		ProcessDefinitionParser pdp = new ProcessDefinitionParser();
+		pe = new ProcessEngineImpl();
+		((ProcessEngineImpl) pe).setTransitionConditionExpressionEvaluator(new BooleanStringExpressionEvaluator());
+		try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition1.xml")) {
+			((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
+		}
+		try (InputStream in = ProcessEngineTest.class.getResourceAsStream("SampleProcessDefinition2.xml")) {
+			((ProcessEngineImpl) pe).registerProcessDefinition(pdp.parse(in));
+		}
+	}
+	
+	@Test
+	public void testSampleProcess1() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
+		ProcessInstance pi = pe.createProcessInstance("SampleProcess1");
+		assertEquals(NOT_STARTED, pi.getState());
+		// start process
+		pe.start(pi);
+		assertEquals(SUSPENDED, pi.getState());
+		System.out.println("Do something asynchronously");
+		pe.signal(pi);
+		assertEquals(ENDED, pi.getState());
+	}
+	
+	@Test
+	public void testSampleProcess2() throws IOException, ProcessDefinitionParserException, ProcessExecutionException {
+		ProcessInstance pi = pe.createProcessInstance("SampleProcess2");
+		assertEquals(NOT_STARTED, pi.getState());
+		// start process
+		pe.start(pi);
+		assertEquals(SUSPENDED, pi.getState());
+		System.out.println("Do something asynchronously");
+		pe.signal(pi);
+		assertEquals(ENDED, pi.getState());
+	}
+	
+	@Test(expected = IllegalArgumentException.class)
+	public void testProcessInstanceDoesNotExist() {
+		pe.getProcessInstance("does not exist");
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_MultipleStartEvents.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_MultipleStartEvents.xml
deleted file mode 100644
index 8a32ca46d..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_MultipleStartEvents.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess2"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:StartEvent id="start1" />
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" class="com.datentechnik.process_engine.test.HalloWeltTask" />
-	<tns:Task id="task3" />
-
-	<tns:StartEvent id="start2" />
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start1" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="task3" />
-	<tns:Transition from="task3" to="end" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_NoStartEvents.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_NoStartEvents.xml
deleted file mode 100644
index 754b7a34d..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_NoStartEvents.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" />
-
-	<tns:EndEvent id="end" />
-
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="end" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionLoop.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionLoop.xml
deleted file mode 100644
index e698f8019..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionLoop.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" />
-
-	<tns:StartEvent id="start" />
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="end" />
-
-	<!-- Must be loop since we have no conditionExpression set. -->
-	<tns:Transition id="loop" from="task1" to="task1" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionRefsTransition.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionRefsTransition.xml
deleted file mode 100644
index 564bf9040..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionRefsTransition.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" />
-
-	<tns:StartEvent id="start" />
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition id="invalidTransition" from="task1" to="fromStart" />
-	<tns:Transition from="task2" to="end" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
deleted file mode 100644
index b3d2d2ebc..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" />
-
-	<tns:StartEvent id="start" />
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="end" />
-	<tns:Transition from="end" to="task1" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition1.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition1.xml
deleted file mode 100644
index ab033fb8f..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition1.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess1"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" />
-
-	<tns:StartEvent id="start" />
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="end" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition2.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition2.xml
deleted file mode 100644
index ca2617ce8..000000000
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/process_engine/test/SampleProcessDefinition2.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<tns:ProcessDefinition
-	id="SampleProcess2"
-	xmlns:tns="http://www.datentechnik.com/process-engine/processdefinition/v1"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://www.datentechnik.com/process-engine/processdefinition/v1 ../../main/resources/com/datentechnik_innovation/process_engine/ProcessDefinition.xsd ">
-
-	<tns:StartEvent id="start" />
-
-	<tns:Task id="task1" class="com.datentechnik.process_engine.test.HelloWorldTask" />
-	<tns:Task id="task2" async="true" class="com.datentechnik.process_engine.test.HalloWeltTask" />
-	<tns:Task id="task3" />
-
-	<tns:EndEvent id="end" />
-
-	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
-	<tns:Transition from="task1" to="task2" />
-	<tns:Transition from="task2" to="task3" />
-	<tns:Transition from="task3" to="end" />
-	
-</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
index 6525fb0cd..764ad6405 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml
@@ -1,41 +1,41 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1"
+<pd:ProcessDefinition xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
 	id="SampleProcessDefinitionForSAML1Authentication">
 
 	<!--
 		returns String 'bkuURL'
 	-->
-	<pd:Task id="bkuSelectionTask" class="com.datentechnik.process_engine.spring.test.task.SelectBKUTask" />
+	<pd:Task id="bkuSelectionTask" class="at.gv.egovernment.moa.id.process.spring.test.task.SelectBKUTask" />
 
 	<!--
 		requires 'bkuURL'
 		returns String 'IdentityLink'
 	-->
-	<pd:Task id="getIdentityLinkTask" class="com.datentechnik.process_engine.spring.test.task.GetIdentityLinkTask" />
+	<pd:Task id="getIdentityLinkTask" class="at.gv.egovernment.moa.id.process.spring.test.task.GetIdentityLinkTask" />
 
 	<!--
 		requires 'IdentityLink'
 		returns Boolean 'isIdentityLinkValidated'
 	-->
-	<pd:Task id="validateIdentityLinkTask" class="com.datentechnik.process_engine.spring.test.task.ValidateIdentityLinkTask" />
+	<pd:Task id="validateIdentityLinkTask" class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateIdentityLinkTask" />
 
 	<!--
 		requires 'IdentityLink', 'isIdentityLinkValidated', 'bkuURL'
 		returns String 'SignedAuthBlock'
 	-->
-	<pd:Task id="signAuthBlockTask" class="com.datentechnik.process_engine.spring.test.task.SignAuthBlockTask" />
+	<pd:Task id="signAuthBlockTask" class="at.gv.egovernment.moa.id.process.spring.test.task.SignAuthBlockTask" />
 
 	<!--
 		requires 'IdentityLink', 'isIdentityLinkValidated', 'SignedAuthBlock'
 		returns Boolean 'isSignedAuthBlockValidated'
 	-->
-	<pd:Task id="validateSignedAuthBlockTask" class="com.datentechnik.process_engine.spring.test.task.ValidateSignedAuthBlockTask" />
+	<pd:Task id="validateSignedAuthBlockTask" class="at.gv.egovernment.moa.id.process.spring.test.task.ValidateSignedAuthBlockTask" />
 	
 	<!--
 		requires 'IdentityLink', 'isIdentityLinkValidated', 'SignedAuthBlock', 'isSignedAuthBlockValidated';
 		returns 'SAML1Assertion'
 	-->
-	<pd:Task id="createAssertionTask" class="com.datentechnik.process_engine.spring.test.task.CreateSAML1AssertionTask" />
+	<pd:Task id="createAssertionTask" class="at.gv.egovernment.moa.id.process.spring.test.task.CreateSAML1AssertionTask" />
 
 	<pd:StartEvent id="start" />
 	<pd:EndEvent id="end" />
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
index ef71026ec..dfe186423 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition xmlns:pd="http://www.datentechnik.com/process-engine/processdefinition/v1"
+<pd:ProcessDefinition xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
 	id="SampleProcessWithExpression1">
 
 	<pd:Task id="task1" />
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
index eb62d1ae2..1b6b7658e 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionAwareProcessEngineTest-context.xml
@@ -5,21 +5,23 @@
 	xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<bean id="springElAwareExpressionEvaluator" class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+	<bean id="springElAwareExpressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 	
-	<bean id="processEngine" class="com.datentechnik.process_engine.ProcessEngineImpl">
+	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator" ref="springElAwareExpressionEvaluator" />
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
+		<!--  
 		<property name="processDefinitions">
 			<list>
 				<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionFactoryBean">
-					<property name="resource" value="classpath:com/datentechnik/process_engine/spring/test/SampleProcessDefinitionWithExpression1.xml" />
+					<property name="resource" value="classpath:at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionWithExpression1.xml" />
 				</bean>
 				<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionFactoryBean">
-					<property name="resource" value="classpath:com/datentechnik/process_engine/spring/test/SampleProcessDefinitionForSAML1Authentication.xml" />
+					<property name="resource" value="classpath:at/gv/egovernment/moa/id/process/spring/test/SampleProcessDefinitionForSAML1Authentication.xml" />
 				</bean>
 			</list>
 		</property>
+		 -->
 	</bean>
 	
 	<task:scheduler id="taskScheduler" pool-size="1" />
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
index dadc6bf81..95b88ca1a 100644
--- a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/spring/test/SpringExpressionEvaluatorTest-context.xml
@@ -3,12 +3,12 @@
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<bean id="simplePojo" class="com.datentechnik.process_engine.spring.test.SimplePojo">
+	<bean id="simplePojo" class="at.gv.egovernment.moa.id.process.spring.test.SimplePojo">
 		<property name="booleanValue" value="true" />
 		<property name="integerValue" value="42" />
 		<property name="stringValue" value="HelloWorld" />
 	</bean>
 	
-	<bean id="expressionEvaluator" class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+	<bean id="expressionEvaluator" class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 
 </beans>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_MultipleStartEvents.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
new file mode 100644
index 000000000..17fa17cb4
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_MultipleStartEvents.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess2"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:StartEvent id="start1" />
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" class="at.gv.egovernment.moa.id.process.test.HalloWeltTask" />
+	<tns:Task id="task3" />
+
+	<tns:StartEvent id="start2" />
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start1" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="task3" />
+	<tns:Transition from="task3" to="end" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_NoStartEvents.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_NoStartEvents.xml
new file mode 100644
index 000000000..008309e3a
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_NoStartEvents.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" />
+
+	<tns:EndEvent id="end" />
+
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="end" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionLoop.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionLoop.xml
new file mode 100644
index 000000000..14b281192
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionLoop.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" />
+
+	<tns:StartEvent id="start" />
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="end" />
+
+	<!-- Must be loop since we have no conditionExpression set. -->
+	<tns:Transition id="loop" from="task1" to="task1" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
new file mode 100644
index 000000000..1152f3503
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionRefsTransition.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" />
+
+	<tns:StartEvent id="start" />
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition id="invalidTransition" from="task1" to="fromStart" />
+	<tns:Transition from="task2" to="end" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
new file mode 100644
index 000000000..94bd25c9a
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/InvalidProcessDefinition_TransitionStartsFromEndEvent.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" />
+
+	<tns:StartEvent id="start" />
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="end" />
+	<tns:Transition from="end" to="task1" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition1.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition1.xml
new file mode 100644
index 000000000..c161900c5
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess1"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" />
+
+	<tns:StartEvent id="start" />
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="end" />
+	
+</tns:ProcessDefinition>
diff --git a/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition2.xml b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition2.xml
new file mode 100644
index 000000000..9e419e124
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/at/gv/egovernment/moa/id/process/test/SampleProcessDefinition2.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<tns:ProcessDefinition
+	id="SampleProcess2"
+	xmlns:tns="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/process/definition/v1 ../../main/resources/at/gv/egovernment/moa/id/process/ProcessDefinition.xsd ">
+
+	<tns:StartEvent id="start" />
+
+	<tns:Task id="task1" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task2" async="true" class="at.gv.egovernment.moa.id.process.test.HelloWorldTask" />
+	<tns:Task id="task3" />
+
+	<tns:EndEvent id="end" />
+
+	<tns:Transition id="fromStart" from="start" to="task1" conditionExpression="true" />
+	<tns:Transition from="task1" to="task2" />
+	<tns:Transition from="task2" to="task3" />
+	<tns:Transition from="task3" to="end" />
+	
+</tns:ProcessDefinition>
-- 
cgit v1.2.3


From 88f2ac75cf316c755e35303cf2d6faa2343b9408 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 29 Jan 2015 17:13:21 +0100
Subject: Perform some cleanup

- Remove ProcessDefinitionFactoryBean from applicationContext.xml.
- Minor code cleanup.
---
 id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml      | 7 ++-----
 id/server/auth/src/main/webapp/WEB-INF/web.xml                     | 2 ++
 .../moa/id/moduls/moduleregistration/ModuleRegistration.java       | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 65a9e7176..818524e49 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -17,11 +17,6 @@
 			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
-		<property name="processDefinitions">
-			<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionsFactoryBean">
-				<property name="resources" value="classpath:resources/processes/*.process.xml" />
-			</bean>
-		</property>
 	</bean>
 	
 	<task:scheduler id="taskScheduler" pool-size="1" />
@@ -30,5 +25,7 @@
 	</task:scheduled-tasks>
 	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
+
 	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
+
 </beans>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 2dbceb4e9..10c772aca 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -138,6 +138,8 @@
 	</servlet>
 	<servlet-mapping>
 		<servlet-name>ProcessEngineSignal</servlet-name>
+		<url-pattern>/signalProcess</url-pattern>
+		<!-- legacy url patterns -->
 		<url-pattern>/GetMISSessionID</url-pattern>
 		<url-pattern>/GetForeignID</url-pattern>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
index 35fbce053..7e16cf637 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
@@ -98,7 +98,7 @@ public class ModuleRegistration {
 		for (String uri : module.getProcessDefinitions()) {
 			Resource resource = ctx.getResource(uri);
 			if (resource.isReadable()) {
-				log.info("Registering process definition resource: '{}'.", resource);
+				log.info("Registering process definition resource: '{}'.", uri);
 				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
 					processEngine.registerProcessDefinition(processDefinitionInputStream);
 				} catch (IOException e) {
-- 
cgit v1.2.3


From 6371e01c520de77b0f37f59c72dbe20fce88c91a Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 30 Jan 2015 08:53:27 +0100
Subject: Add Spring based discovery for STORKAuthModule

- Add wildcard import to applicationContext.xml
- Add some javadoc to AuthModule interface.
- Remove STORKAuthModuleImpl from serviceloader based registration.
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |  3 +++
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  3 ++-
 .../modules/internal/DefaultAuthModuleImpl.java    |  4 +++-
 .../auth/modules/stork/STORK.authmodule.beans.xml  | 14 +++++++++++++
 .../id/auth/modules/stork/STORKAuthModuleImpl.java | 17 ++++++++++++++--
 .../id/moduls/moduleregistration/AuthModule.java   | 23 +++++++++++-----------
 ...ent.moa.id.moduls.moduleregistration.AuthModule |  1 -
 7 files changed, 49 insertions(+), 16 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 818524e49..d9e254451 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -27,5 +27,8 @@
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
 
 	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
+	
+	<!-- import auth modules -->
+	<import resource="classpath*:**/*.authmodule.beans.xml" />
 
 </beans>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 10c772aca..f81e01ccd 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -138,8 +138,9 @@
 	</servlet>
 	<servlet-mapping>
 		<servlet-name>ProcessEngineSignal</servlet-name>
+		<!-- Use this url-pattern in order to signal the next (asynchronous) task. -->
 		<url-pattern>/signalProcess</url-pattern>
-		<!-- legacy url patterns -->
+		<!-- legacy url patterns for asynchronous tasks -->
 		<url-pattern>/GetMISSessionID</url-pattern>
 		<url-pattern>/GetForeignID</url-pattern>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
index 99c28fd7f..35c7e5c79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
@@ -6,11 +6,13 @@ import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
 
 import com.datentechnik.process_engine.api.ExecutionContext;
 
+/**
+ * Module descriptor
+ */
 public class DefaultAuthModuleImpl implements AuthModule {
 
 	@Override
 	public int getPriority() {
-		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
 		return 0;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
new file mode 100644
index 000000000..2e924bdd0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="storkAuthModule" class="at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl">
+		<property name="priority" value="0" />
+	</bean>
+
+</beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
index 140334b36..52423166a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
@@ -6,12 +6,25 @@ import com.datentechnik.process_engine.api.ExecutionContext;
 
 import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
 
+/**
+ * Module descriptor for an auth module providing stork authentication related processes.
+ * @author tknall
+ */
 public class STORKAuthModuleImpl implements AuthModule {
+	
+	private int priority = 0;
 
 	@Override
 	public int getPriority() {
-		// neutral priority between Integer.MIN_VALUE and Integer.MAX_VALUE
-		return 0;
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
 	}
 
 	@Override
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
index 35273cd2b..fa0149c17 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
@@ -9,31 +9,32 @@ import com.datentechnik.process_engine.model.ProcessDefinition;
 public interface AuthModule {
 
 	/**
-	 * Returns the priority of the module. The priority defines the place in the
-	 * order of modules. The module with a highest priority is asked first, if
-	 * it has a process which can do an authentication.
+	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
+	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
+	 * handle.
+	 * <p/>
+	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
+	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
+	 * your modules behind default modules.
 	 * 
 	 * @return the priority of the module.
 	 */
 	int getPriority();
 
 	/**
-	 * Checks if the module has a process, which is able to perform an authentication
-	 * with the given {@link ExecutionContext}.
+	 * Checks if the module has a process, which is able to perform an authentication with the given
+	 * {@link ExecutionContext}.
 	 * 
 	 * @param context
 	 *            an ExecutionContext for a process.
-	 * @return the process-ID of a process which is able to work with the given
-	 *         ExecutionContext, or {@code null}.
+	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
 	 */
 	String selectProcess(ExecutionContext context);
 
 	/**
-	 * Returns the an Array of {@link ProcessDefinition}s of the processes
-	 * included in this module.
+	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
 	 * 
-	 * @return an array of resource uris of the processes included in this
-	 *         module.
+	 * @return an array of resource uris of the processes included in this module.
 	 */
 	String[] getProcessDefinitions();
 
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
index 03cb2c631..865096055 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
@@ -1,3 +1,2 @@
 # The default moaid process
 at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
-at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl
-- 
cgit v1.2.3


From 373641cfb0e404e89f4d9a011ae53d8b8cfc06c5 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 30 Jan 2015 10:45:59 +0100
Subject: Add dynamic servlet registration for STORK processes.

- Add STORKWebApplicationInitializer.java
- Adjust web.xml
- Move STORK.authmodule.beans.xml to src/main/resources/...
---
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |  5 ++-
 .../auth/modules/stork/STORK.authmodule.beans.xml  | 14 --------
 .../stork/STORKWebApplicationInitializer.java      | 37 ++++++++++++++++++++++
 .../auth/modules/stork/STORK.authmodule.beans.xml  | 14 ++++++++
 4 files changed, 55 insertions(+), 15 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
 create mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index f81e01ccd..41c46bd22 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -140,14 +140,17 @@
 		<servlet-name>ProcessEngineSignal</servlet-name>
 		<!-- Use this url-pattern in order to signal the next (asynchronous) task. -->
 		<url-pattern>/signalProcess</url-pattern>
-		<!-- legacy url patterns for asynchronous tasks -->
+		<!-- legacy url patterns for asynchronous tasks (internal default module/processes) -->
 		<url-pattern>/GetMISSessionID</url-pattern>
 		<url-pattern>/GetForeignID</url-pattern>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 		<url-pattern>/VerifyCertificate</url-pattern>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
+		<!-- STORK servlet mappings; automatically registered by the stork module -->
+		<!--
 		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
 		<url-pattern>/PEPSConnector</url-pattern>
+		-->
 	</servlet-mapping>
 
 	<session-config>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
deleted file mode 100644
index 2e924bdd0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
-
-	<context:annotation-config />
-
-	<bean id="storkAuthModule" class="at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl">
-		<property name="priority" value="0" />
-	</bean>
-
-</beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
new file mode 100644
index 000000000..7478a57c3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.modules.stork;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+
+import org.springframework.web.WebApplicationInitializer;
+
+import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+
+/**
+ * Spring automatically discovers {@link WebApplicationInitializer} implementations at startup.<br/>
+ * This STORK webapp initializer adds the required servlet mappings:
+ * <ul>
+ * <li>{@code /PEPSConnector}</li>
+ * <li>{@code /PEPSConnectorWithLocalSigning}</li>
+ * </ul>
+ * for the {@linkplain ProcessEngineSignalServlet process engine servlet} (named {@code ProcessEngineSignal}) that wakes
+ * up a process in order to execute asynchronous tasks. Therefore the servlet mappings mentioned above do not need to be
+ * declared in {@code web.xml}.
+ * 
+ * @author tknall
+ * @see ProcessEngineSignalServlet
+ */
+public class STORKWebApplicationInitializer implements WebApplicationInitializer {
+
+	@Override
+	public void onStartup(ServletContext servletContext) throws ServletException {
+		ServletRegistration servletRegistration = servletContext.getServletRegistration("ProcessEngineSignal");
+		if (servletRegistration == null) {
+			throw new IllegalStateException("Servlet 'ProcessEngineSignal' expected to be registered.");
+		}
+		servletRegistration.addMapping("/PEPSConnectorWithLocalSigning");
+		servletRegistration.addMapping("/PEPSConnector");
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
new file mode 100644
index 000000000..2e924bdd0
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="storkAuthModule" class="at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl">
+		<property name="priority" value="0" />
+	</bean>
+
+</beans>
-- 
cgit v1.2.3


From 9c76562c98ff7ec8ccb2749ccd85309bfd3096b6 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Fri, 30 Jan 2015 13:47:25 +0100
Subject: Fix applicationContext.xml and STORKAuthentication.process.xml

---
 id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml       | 2 +-
 .../moa/id/auth/modules/stork/STORKAuthentication.process.xml       | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 2c699f24d..df59c2739 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -11,7 +11,7 @@
 
 	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
-			<bean class="com.datentechnik.process_engine.spring.SpringExpressionEvaluator" />
+			<bean class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 		</property>
 		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
 	</bean>
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
index 73f4837e1..60989e638 100644
--- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
+++ b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="<pd:ProcessDefinition id="DefaultAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">">
+<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
 
-<!--at.gv.egovernment.moa.id.auth.modules.stork.tasks.AbstractPepsConnectorWithLocalSigningTask
-	- STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+<!--
+	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
 -->
 	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.CreateStorkAuthRequestFormTask" />
 	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask"                               async="true" />
-- 
cgit v1.2.3


From 23fc42a3c273ceb05938c741508537bfaedab00a Mon Sep 17 00:00:00 2001
From: Christian Wagner <c.wagner@datentechnik-innovation.com>
Date: Fri, 30 Jan 2015 14:24:45 +0100
Subject: add persistence to process-engine

additionally remove unnecessary method in the DAO
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |  13 --
 .../servlet/GenerateIFrameTemplateServlet.java     |  15 +-
 .../auth/servlet/ProcessEngineSignalServlet.java   |   3 +-
 .../moa/id/moduls/AuthenticationManager.java       |  12 +-
 .../egovernment/moa/id/process/ProcessEngine.java  |  57 +++---
 .../moa/id/process/ProcessEngineImpl.java          | 191 ++++++++++++++-------
 .../moa/id/process/dao/ProcessInstanceStore.java   |   6 +-
 .../id/process/dao/ProcessInstanceStoreDAO.java    |  10 --
 .../process/dao/ProcessInstanceStoreDAOImpl.java   |  29 ----
 .../id/storage/AuthenticationSessionStoreage.java  |  20 ++-
 10 files changed, 176 insertions(+), 180 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index a251064f6..c7b4e6419 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -13,21 +13,8 @@
 		<property name="transitionConditionExpressionEvaluator">
 			<bean class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
 		</property>
-		<property name="processInstanceMaxIdleTimeSeconds" value="600" />
-	<!--
-		<property name="processDefinitions">
-			<bean class="com.datentechnik.process_engine.spring.ProcessDefinitionsFactoryBean">
-				<property name="resources" value="classpath:resources/processes/*.process.xml" />
-			</bean>
-		</property>
-	-->
 	</bean>
 	
-	<task:scheduler id="taskScheduler" pool-size="1" />
-	<task:scheduled-tasks scheduler="taskScheduler">
-		<task:scheduled ref="processEngine" method="cleanup" fixed-delay="60000" />
-	</task:scheduled-tasks>
-	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
 	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
 </beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index 7f53a1a13..d6c15c658 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -155,7 +155,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 
 			// select and create process instance
 			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
-			ProcessInstance pi = getProcessEngine().createProcessInstance(processDefinitionId, ec);
+			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
 
 			if (processDefinitionId == null) {
 				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
@@ -163,21 +163,20 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
 			}
 
 			// keep process instance id in moa session
-			moasession.setProcessInstanceId(pi.getId());
+			moasession.setProcessInstanceId(processInstanceId);
 
 			// make sure moa session has been persisted before running the process
 			try {
 				AuthenticationSessionStoreage.storeSession(moasession);
 			} catch (MOADatabaseException e) {
 				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
+				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
 			}
-	    	
-	    	// start process
-	    	getProcessEngine().start(pi);
 
-	    } 
+			// start process
+			getProcessEngine().start(processInstanceId);
+
+		}
 	    catch (WrongParametersException ex) {
 	    	handleWrongParameters(ex, req, resp);
 	    }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index c172124d2..4aff6ba38 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -72,8 +72,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 			}
 
 			// wake up next task
-			ProcessInstance pi = getProcessEngine().getProcessInstance(session.getProcessInstanceId());
-			getProcessEngine().signal(pi);
+			getProcessEngine().signal(session.getProcessInstanceId());
 
 		} catch (Exception ex) {
 			handleError(null, ex, req, resp, null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index ffb5e3d65..0a7f71713 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -80,7 +80,6 @@ import at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-import at.gv.egovernment.moa.id.process.ProcessInstance;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
@@ -324,7 +323,7 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 		try {
 			authSession = AuthenticationSessionStoreage
 					.getSession(moaSessionID);
-		
+
 			if(authSession == null) {
 				Logger.info("NO MOA Authentication data for ID " + moaSessionID);
 				return;
@@ -562,9 +561,10 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 							moasession.getSessionID()});
 				}
 
-				ProcessInstance pi = processEngine.createProcessInstance(processDefinitionId, executionContext);
+				String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
+
 				// keep process instance id in moa session
-				moasession.setProcessInstanceId(pi.getId());
+				moasession.setProcessInstanceId(processInstanceId);
 
 				// make sure moa session has been persisted before running the process
 				try {
@@ -574,9 +574,9 @@ public class AuthenticationManager implements MOAIDAuthConstants {
 					throw new MOAIDException("init.04", new Object[] {
 							moasession.getSessionID()});
 				}
-				
+
 		    	// start process
-		    	processEngine.start(pi);
+				processEngine.start(processInstanceId);
 			    
 			} else {
 				//load Parameters from OnlineApplicationConfiguration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index 2d9dcff8e..535070107 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -31,35 +31,35 @@ public interface ProcessEngine {
 	void registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
 
 	/**
-	 * Creates a process instance according to the referenced process definition.
+	 * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
 	 * <p/>
-	 * Note that the method returns a process instance which will be needed in order to start a process or to continue
-	 * process execution after asynchronous task execution (refer to {@link #start(ProcessInstance)} and
-	 * {@link #signal(ProcessInstance)} for further information).
+	 * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
+	 * process execution after asynchronous task execution (refer to {@link #start(String)} and
+	 * {@link #signal(String)} for further information).
 	 * 
 	 * @param processDefinitionId
 	 *            The identifier of the respective process definition.
 	 * @param executionContext The execution context (may be {@code null}).
-	 * @return The newly created process instance (never {@code null}).
+	 * @return The id of the newly created process instance (never {@code null}).
 	 * @throws ProcessExecutionException
 	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
 	 */
-	ProcessInstance createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException;
+	String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException;
 
 	/**
-	 * Creates a process instance according to the referenced process definition.
+	 * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
 	 * <p/>
-	 * Note that the method returns a process instance which will be needed in order to start a process or to continue
-	 * process execution after asynchronous task execution (refer to {@link #start(ProcessInstance)} and
-	 * {@link #signal(ProcessInstance)} for further information).
+	 * Note that the method returns the identifier of a process instance which will be needed in order to start a process or to continue
+	 * process execution after asynchronous task execution (refer to {@link #start(String))} and
+	 * {@link #signal(String)} for further information).
 	 * 
 	 * @param processDefinitionId
 	 *            The identifier of the respective process definition.
-	 * @return The newly created process instance (never {@code null}).
+	 * @return The id of the newly created process instance (never {@code null}).
 	 * @throws ProcessExecutionException
 	 *             Thrown in case of error, e.g. when a {@code processDefinitionId} is referenced that does not exist.
 	 */
-	ProcessInstance createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
+	String createProcessInstance(String processDefinitionId) throws ProcessExecutionException;
 
 	/**
 	 * Returns the process instance with a given {@code processInstanceId}.
@@ -73,41 +73,24 @@ public interface ProcessEngine {
 	ProcessInstance getProcessInstance(String processInstanceId);
 
 	/**
-	 * Starts the process using the given {@code processInstance}.
+	 * Starts the process using the given {@code processInstanceId}.
 	 * 
-	 * @param processInstance
-	 *            The process instance.
+	 * @param processInstanceId
+	 *            The process instance id.
 	 * @throws ProcessExecutionException
 	 *             Thrown in case of error.
 	 */
-	void start(ProcessInstance processInstance) throws ProcessExecutionException;
+	void start(String processInstanceId) throws ProcessExecutionException;
+
 
 	/**
 	 * Resumes process execution after an asynchronous task has been executed.
 	 * 
-	 * @param processInstance
-	 *            The process instance.
+	 * @param processInstanceId
+	 *            The process instance id.
 	 * @throws ProcessExecutionException
 	 *             Thrown in case of error.
 	 */
-	void signal(ProcessInstance processInstance) throws ProcessExecutionException;
-
-	/**
-	 * Performs cleanup, removing all process instances that have not been used for a certain time.
-	 * 
-	 * @see #setProcessInstanceMaxIdleTimeSeconds(long)
-	 */
-	void cleanup();
-
-	/**
-	 * Returns the first process instance with a process context containing some {@code value} stored under key {@code key}.
-	 * 
-	 * @param key
-	 *            The key.
-	 * @param value
-	 *            The value that needs to match.
-	 * @return The process instance or {@code null} in case no process instance was found.
-	 */
-	ProcessInstance findProcessInstanceWith(String key, Serializable value);
+	void signal(String processInstanceId) throws ProcessExecutionException;
 
 }
\ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 3ba8fb9ed..8af9e1b69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -2,11 +2,8 @@ package at.gv.egovernment.moa.id.process;
 
 import java.io.InputStream;
 import java.io.Serializable;
-import java.util.Date;
-import java.util.Iterator;
+import java.util.HashMap;
 import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.apache.commons.collections4.CollectionUtils;
@@ -16,10 +13,14 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
 import at.gv.egovernment.moa.id.process.api.ExpressionEvaluator;
 import at.gv.egovernment.moa.id.process.api.Task;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStore;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAO;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
 import at.gv.egovernment.moa.id.process.model.EndEvent;
 import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
 import at.gv.egovernment.moa.id.process.model.ProcessNode;
@@ -33,21 +34,20 @@ import at.gv.egovernment.moa.id.process.model.Transition;
  *
  */
 public class ProcessEngineImpl implements ProcessEngine {
-	
+
 	private Logger log = LoggerFactory.getLogger(getClass());
-	
+
 	private ProcessDefinitionParser pdp = new ProcessDefinitionParser();
 
+	ProcessInstanceStoreDAO piStoreDao = ProcessInstanceStoreDAOImpl.getInstance();
+
 	private Map<String, ProcessDefinition> processDefinitions = new ConcurrentHashMap<String, ProcessDefinition>();
-	private Map<String, ProcessInstance> processInstances = new ConcurrentHashMap<String, ProcessInstance>();
-	
+
 	private final static String MDC_CTX_PI_NAME = "processInstanceId";
 	private final static String MDC_CTX_TASK_NAME = "taskId";
-	
-	private static final long DEFAULT_PROCESS_INSTANCE_MAX_AGE_SECONDS = 3600;
-	private long processInstanceIdleTimeSeconds = DEFAULT_PROCESS_INSTANCE_MAX_AGE_SECONDS;
+
 	private ExpressionEvaluator transitionConditionExpressionEvaluator;
-	
+
 	@Override
 	public void registerProcessDefinition(ProcessDefinition processDefinition) {
 		log.info("Registering process definition '{}'.", processDefinition.getId());
@@ -61,7 +61,7 @@ public class ProcessEngineImpl implements ProcessEngine {
 
 	/**
 	 * Sets the process definitions.
-	 * 
+	 *
 	 * @param processDefinitions
 	 *            The process definitions.
 	 * @throws IllegalArgumentException
@@ -76,19 +76,6 @@ public class ProcessEngineImpl implements ProcessEngine {
 			registerProcessDefinition(pd);
 		}
 	}
-	
-	/**
-	 * Defines the time frame in seconds an idle process instance will be managed by the process engine. A process
-	 * instance with an idle time larger than the given time will be removed.
-	 * <p/>
-	 * Note that {@link #cleanup()} needs to be called in order to remove expired process instances.
-	 * 
-	 * @param processInstanceMaxIdleTimeSeconds
-	 *            The maximum idle time in seconds.
-	 */
-	public void setProcessInstanceMaxIdleTimeSeconds(long processInstanceMaxIdleTimeSeconds) {
-		this.processInstanceIdleTimeSeconds = processInstanceMaxIdleTimeSeconds;
-	}
 
 	/**
 	 * Sets an expression evaluator that should be used to process transition condition expressions.
@@ -98,10 +85,10 @@ public class ProcessEngineImpl implements ProcessEngine {
 			ExpressionEvaluator transitionConditionExpressionEvaluator) {
 		this.transitionConditionExpressionEvaluator = transitionConditionExpressionEvaluator;
 	}
-	
+
 
 	@Override
-	public ProcessInstance createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException {
+	public String createProcessInstance(String processDefinitionId, ExecutionContext executionContext) throws ProcessExecutionException {
 		// look for respective process definition
 		ProcessDefinition pd = processDefinitions.get(processDefinitionId);
 		if (pd == null) {
@@ -110,19 +97,32 @@ public class ProcessEngineImpl implements ProcessEngine {
 		// create and keep process instance
 		ProcessInstance pi = new ProcessInstance(pd, executionContext);
 		log.info("Creating process instance from process definition '{}': {}", processDefinitionId, pi.getId());
-		processInstances.put(pi.getId(), pi);
-		return pi;
+
+		try {
+			saveProcessInstance(pi);
+		} catch (MOADatabaseException e) {
+			throw new ProcessExecutionException(e.getMessage(), e.getCause());
+		}
+
+		return pi.getId();
 	}
 
 	@Override
-	public ProcessInstance createProcessInstance(String processDefinitionId) throws ProcessExecutionException {
+	public String createProcessInstance(String processDefinitionId) throws ProcessExecutionException {
 		return createProcessInstance(processDefinitionId, null);
 	}
 
 	@Override
-	public void start(ProcessInstance pi) throws ProcessExecutionException {
-		MDC.put(MDC_CTX_PI_NAME, pi.getId());
+	public void start(String processInstanceId) throws ProcessExecutionException {
+
+		boolean mdcEntryAdded = false;
+
 		try {
+			ProcessInstance pi = loadProcessInstance(processInstanceId);
+
+			MDC.put(MDC_CTX_PI_NAME, pi.getId());
+			mdcEntryAdded = true;
+
 			if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
 				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ").");
 			}
@@ -130,45 +130,49 @@ public class ProcessEngineImpl implements ProcessEngine {
 			// execute process
 			pi.setState(ProcessInstanceState.STARTED);
 			execute(pi);
+
+			saveProcessInstance(pi);
+		} catch (MOADatabaseException e) {
+			throw new ProcessExecutionException(e.getMessage(), e.getCause());
+
 		} finally {
-			MDC.remove(MDC_CTX_PI_NAME);
+			if (mdcEntryAdded)
+				MDC.remove(MDC_CTX_PI_NAME);
 		}
 	}
 	
 	@Override
-	public void signal(ProcessInstance pi) throws ProcessExecutionException {
-		MDC.put(MDC_CTX_PI_NAME, pi.getId());
+	public void signal(String processInstanceId) throws ProcessExecutionException {
+
+		boolean mdcEntryAdded = false;
+
 		try {
+			ProcessInstance pi = loadProcessInstance(processInstanceId);
+
+			MDC.put(MDC_CTX_PI_NAME, pi.getId());
+			mdcEntryAdded = true;
+
 			if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
 				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ").");
 			}
+
 			log.info("Waking up process instance '{}'.", pi.getId());
 			pi.setState(ProcessInstanceState.STARTED);
 			execute(pi);
+
+			saveProcessInstance(pi);
+		} catch (MOADatabaseException e) {
+			throw new ProcessExecutionException(e.getMessage(), e.getCause());
+
 		} finally {
-			MDC.remove(MDC_CTX_PI_NAME);
+			if (mdcEntryAdded)
+				MDC.remove(MDC_CTX_PI_NAME);
 		}
 	}
 	
-	@Override
-	public synchronized void cleanup() {
-		log.trace("Cleanup job started.");
-		Iterator<Entry<String, ProcessInstance>> it = processInstances.entrySet().iterator();
-		while (it.hasNext()) {
-			Entry<String, ProcessInstance> entry = it.next();
-			ProcessInstance pi = entry.getValue();
-			log.trace("Checking process instance {}.", pi);
-			long ageMillis = new Date().getTime() - pi.getLru().getTime();
-			if (ageMillis > processInstanceIdleTimeSeconds * 1000) {
-				log.info("Removing process instance '{}'.", pi.getId());
-				processInstances.remove(entry.getKey());
-			}
-		}
-		log.trace("Cleanup job completed.");
-	}
 
 	/**
-	 * Instantates a task implementation given by a {@link TaskInfo}.
+	 * Instantiates a task implementation given by a {@link TaskInfo}.
 	 * @param ti The task info.
 	 * @return A Task implementation or {@code null} if the task info does not reference any task implementing classes.
 	 * @throws ProcessExecutionException Thrown in case of error (when the referenced class does not implement {@link Task} for instance).
@@ -194,7 +198,7 @@ public class ProcessEngineImpl implements ProcessEngine {
 				throw new ProcessExecutionException("Unable to instantiate class '" + clazz + "' associated with task '" + ti.getId() + "' .", e);
 			}
 		}
-		
+
 		return task;
 	}
 
@@ -239,7 +243,12 @@ public class ProcessEngineImpl implements ProcessEngine {
 			
 		} else if (processNode instanceof EndEvent) {
 			log.info("Finishing process instance '{}'.", pi.getId());
-			processInstances.remove(pi.getId());
+
+			try {
+				piStoreDao.remove(pi.getId());
+			} catch (MOADatabaseException e) {
+				throw new ProcessExecutionException(e.getMessage(), e.getCause());
+			}
 			pi.setState(ProcessInstanceState.ENDED);
 			log.debug("Final process context: {}", pi.getExecutionContext().keySet());
 			return;
@@ -282,23 +291,73 @@ public class ProcessEngineImpl implements ProcessEngine {
 
 	@Override
 	public ProcessInstance getProcessInstance(String processInstanceId) {
-		ProcessInstance processInstance = processInstances.get(processInstanceId);
+
+		ProcessInstance processInstance;
+		try {
+			processInstance = loadProcessInstance(processInstanceId);
+
+		} catch (MOADatabaseException e) {
+			throw new IllegalArgumentException("The process instance '" + processInstanceId + "' could not be retrieved.");
+		}
+
 		if (processInstance == null) {
 			throw new IllegalArgumentException("The process instance '" + processInstanceId + "' does not/no longer exist.");
 		}
+
 		return processInstance;
 	}
 
-	@Override
-	public ProcessInstance findProcessInstanceWith(String key, Serializable value) {
-		Iterator<ProcessInstance> it = processInstances.values().iterator();
-		while (it.hasNext()) {
-			ProcessInstance pi = it.next();
-			if (Objects.equals(pi.getExecutionContext().get(key), value)) {
-				return pi;
-			}
+	/**
+	 * Persists a {@link ProcessInstance} to the database.
+	 * @param processInstance The object to persist.
+	 * @throws MOADatabaseException Thrown if an error occurs while accessing the database.
+	 */
+	private void saveProcessInstance(ProcessInstance processInstance) throws MOADatabaseException {
+		ProcessInstanceStore store = new ProcessInstanceStore();
+
+		ExecutionContext ctx = processInstance.getExecutionContext();
+
+		Map<String, Serializable> ctxData = new HashMap<String, Serializable>();
+		for (String key : ctx.keySet()) {
+			ctxData.put(key, ctx.get(key));
+		}
+		store.setExecutionContextData(ctxData);
+
+		store.setNextTaskId(processInstance.getNextId());
+		store.setProcessDefinitionId(processInstance.getProcessDefinition().getId());
+
+		store.setProcessInstanceId(processInstance.getId());
+		store.setProcessState(processInstance.getState());
+
+		piStoreDao.save(store);
+	}
+
+	/**
+	 * Load a {@link ProcessInstance} with a certain id from the database.
+	 * @param processInstanceId The process instance id
+	 * @return The process instance corresponding to the id or {@code null} if no such object is found.
+	 * @throws MOADatabaseException Thrown if an error occurs while accessing the database.
+	 */
+	private ProcessInstance loadProcessInstance(String processInstanceId) throws MOADatabaseException {
+
+		ProcessInstanceStore piStore = piStoreDao.load(processInstanceId);
+
+		if (piStore == null) {
+			return null;
 		}
-		return null;
+
+		ExecutionContext executionContext = new ExecutionContextImpl(piStore.getProcessInstanceId());
+
+		Map<String, Serializable> executionContextData = piStore.getExecutionContextData();
+		for (String key : executionContextData.keySet()) {
+			executionContext.put(key, executionContextData.get(key));
+		}
+
+		ProcessInstance pi = new ProcessInstance(processDefinitions.get(piStore.getProcessDefinitionId()), executionContext);
+		pi.setNextId(piStore.getNextTaskId());
+		pi.setState(piStore.getProcessState());
+
+		return pi;
 	}
 	
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
index c94c95516..c86d0de3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStore.java
@@ -32,7 +32,7 @@ public class ProcessInstanceStore {
 
 	@Column(name = "processState", nullable = false)
 	@Enumerated(value = EnumType.STRING)
-	private Enum<ProcessInstanceState> processState;
+	private ProcessInstanceState processState;
 
 	@Column(name = "executionContextData", nullable = false)
 	@Lob
@@ -50,7 +50,7 @@ public class ProcessInstanceStore {
 		return nextTaskId;
 	}
 
-	public Enum<ProcessInstanceState> getProcessState() {
+	public ProcessInstanceState getProcessState() {
 		return processState;
 	}
 
@@ -70,7 +70,7 @@ public class ProcessInstanceStore {
 		this.nextTaskId = nextTaskId;
 	}
 
-	public void setProcessState(Enum<ProcessInstanceState> processState) {
+	public void setProcessState(ProcessInstanceState processState) {
 		this.processState = processState;
 	}
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
index 0aa6f80cd..999a9b82b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
@@ -42,14 +42,4 @@ public interface ProcessInstanceStoreDAO {
 	 */
 	void remove(String processInstanceId) throws MOADatabaseException;
 
-	/**
-	 * Returns all {@link ProcessInstanceStore} objects stored in the database.
-	 * The returned list may be empty, but never {@code null}.
-	 * 
-	 * @return a list of {@link ProcessInstanceStore} (never {@code null}).
-	 * @throws MOADatabaseException
-	 *             is thrown if a problem occurs while accessing the database.
-	 */
-	List<ProcessInstanceStore> getAllProcessInstanceStores() throws MOADatabaseException;
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
index 4b7468013..e9e977d53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAOImpl.java
@@ -84,33 +84,4 @@ public class ProcessInstanceStoreDAOImpl implements ProcessInstanceStoreDAO {
 		}
 	}
 
-	@SuppressWarnings("unchecked")
-	@Override
-	public List<ProcessInstanceStore> getAllProcessInstanceStores() throws MOADatabaseException {
-		log.debug("Retrieve a list with all ProcessInstanceStores from the database.");
-		Session session = MOASessionDBUtils.getCurrentSession();
-
-		List<ProcessInstanceStore> result = Collections.emptyList();
-		Transaction tx = null;
-		synchronized (session) {
-			try {
-
-				tx = session.beginTransaction();
-				// select all
-				result = session.createCriteria(ProcessInstanceStore.class).list();
-				tx.commit();
-
-			} catch (Exception e) {
-				log.error("A problem occured while retrieving all stored ProcessInstanceStores.");
-				if (tx != null) {
-					tx.rollback();
-				}
-				throw e;
-			} finally {
-				MOASessionDBUtils.closeSession();
-			}
-		}
-		return result;
-	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index a9f5ed60a..9ee29c260 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -48,6 +48,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.EncryptedData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.dao.ProcessInstanceStoreDAOImpl;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.util.Random;
@@ -912,19 +913,26 @@ public class AuthenticationSessionStoreage {
 		
 	}
 	
-	private static void cleanDelete(AuthenticatedSessionStore result) {		
+	private static void cleanDelete(AuthenticatedSessionStore result) {
+
+		try {
+			AuthenticationSession session = getSession(result.getSessionid());
+			ProcessInstanceStoreDAOImpl.getInstance().remove(session.getProcessInstanceId());
+
+		} catch (MOADatabaseException e) {
+			Logger.warn("Removing process with processID=" + result.getSessionid() + " FAILED.", e);
+		}
+
 		try {
 			result.setSession("blank".getBytes());
 			MOASessionDBUtils.saveOrUpdate(result);
-			
+
 		} catch (MOADatabaseException e) {
 			Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e);
-			
+
 		} finally {
 			if (!MOASessionDBUtils.delete(result))
-				Logger.error("Authenticated session with sessionID=" + result.getSessionid() 
-							+ " not removed! (Error during Database communication)");
-			
+				Logger.error("Authenticated session with sessionID=" + result.getSessionid() + " not removed! (Error during Database communication)");
 		}
 	}
 	
-- 
cgit v1.2.3


From 4b6fd327b29ff84f61914f33b6361fa31441c92e Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Wed, 4 Feb 2015 11:31:43 +0100
Subject: Create separate module STORK (MOAID-67)

- Add new maven module moa-id-modules and sub module moa-id-module-stork.
- Move stork relates processes and task to module moa-id-module-stork.
- Move module registration to modules package.
---
 id/server/auth/pom.xml                             |   4 +
 .../src/main/webapp/WEB-INF/applicationContext.xml |   4 +-
 .../id/auth/modules/AbstractAuthServletTask.java   | 378 ++++++++++++++
 .../moa/id/auth/modules/AuthModule.java            |  41 ++
 .../modules/internal/DefaultAuthModuleImpl.java    |   2 +-
 .../internal/tasks/AbstractAuthServletTask.java    | 378 --------------
 .../internal/tasks/CertificateReadRequestTask.java |   4 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |   1 +
 .../modules/internal/tasks/GetForeignIDTask.java   |   1 +
 .../internal/tasks/GetMISSessionIDTask.java        |   1 +
 .../tasks/PrepareAuthBlockSignatureTask.java       |   1 +
 .../tasks/VerifyAuthenticationBlockTask.java       |   1 +
 .../internal/tasks/VerifyCertificateTask.java      |   1 +
 .../internal/tasks/VerifyIdentityLinkTask.java     |   1 +
 .../modules/registration/ModuleRegistration.java   | 149 ++++++
 .../id/auth/modules/stork/STORKAuthModuleImpl.java |  39 --
 .../stork/STORKWebApplicationInitializer.java      |  37 --
 .../AbstractPepsConnectorWithLocalSigningTask.java | 223 --------
 .../tasks/CreateStorkAuthRequestFormTask.java      | 112 ----
 .../PepsConnectorHandleLocalSignResponseTask.java  | 216 --------
 ...onnectorHandleResponseWithoutSignatureTask.java | 439 ----------------
 .../modules/stork/tasks/PepsConnectorTask.java     | 566 ---------------------
 .../servlet/GenerateIFrameTemplateServlet.java     |   2 +-
 .../moa/id/moduls/AuthenticationManager.java       |   2 +-
 .../id/moduls/moduleregistration/AuthModule.java   |  41 --
 .../moduleregistration/ModuleRegistration.java     | 149 ------
 .../egovernment/moa/id/process/ProcessEngine.java  |   3 +-
 .../moa/id/process/ProcessEngineImpl.java          |   6 +-
 ...t.gv.egovernment.moa.id.auth.modules.AuthModule |   2 +
 ...ent.moa.id.moduls.moduleregistration.AuthModule |   2 -
 .../auth/modules/stork/STORK.authmodule.beans.xml  |  14 -
 .../modules/stork/STORKAuthentication.process.xml  |  29 --
 id/server/modules/module-stork/pom.xml             |  22 +
 .../id/auth/modules/stork/STORKAuthModuleImpl.java |  39 ++
 .../stork/STORKWebApplicationInitializer.java      |  37 ++
 .../AbstractPepsConnectorWithLocalSigningTask.java | 223 ++++++++
 .../tasks/CreateStorkAuthRequestFormTask.java      | 112 ++++
 .../PepsConnectorHandleLocalSignResponseTask.java  | 216 ++++++++
 ...onnectorHandleResponseWithoutSignatureTask.java | 439 ++++++++++++++++
 .../modules/stork/tasks/PepsConnectorTask.java     | 566 +++++++++++++++++++++
 .../auth/modules/stork/STORK.authmodule.beans.xml  |  14 +
 .../modules/stork/STORKAuthentication.process.xml  |  29 ++
 id/server/modules/pom.xml                          |  48 ++
 id/server/pom.xml                                  |   1 +
 pom.xml                                            |   7 +-
 45 files changed, 2346 insertions(+), 2256 deletions(-)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
 create mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
 delete mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
 delete mode 100644 id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
 create mode 100644 id/server/modules/module-stork/pom.xml
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
 create mode 100644 id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
 create mode 100644 id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
 create mode 100644 id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
 create mode 100644 id/server/modules/pom.xml

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 529737820..df45568dc 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -137,6 +137,10 @@
             <artifactId>oasis-dss-api</artifactId>
             <version>1.0.0-RELEASE</version>
         </dependency>
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-module-stork</artifactId>
+		</dependency>
 
         <!-- transitive dependencies we don't want to include into the war -->
 		<dependency>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index 1fe3b4254..fabe6cd9c 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -15,9 +15,9 @@
 	
 	<bean id="authenticationManager" class="at.gv.egovernment.moa.id.moduls.AuthenticationManager" factory-method="getInstance" />
 
-	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration" factory-method="getInstance" />
-	
 	<!-- import auth modules -->
 	<import resource="classpath*:**/*.authmodule.beans.xml" />
 
+	<bean id="moduleRegistration" class="at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration" factory-method="getInstance" />
+	
 </beans>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
new file mode 100644
index 000000000..3b20e85d7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -0,0 +1,378 @@
+package at.gv.egovernment.moa.id.auth.modules;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import org.apache.commons.lang3.ArrayUtils;
+
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
+import at.gv.egovernment.moa.id.process.springweb.AbstractSpringWebSupportedTask;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.IExceptionStore;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
+ * etc.).</p> The code has been taken from {@link AuthServlet}.
+ */
+public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
+
+	protected static final String ERROR_CODE_PARAM = "errorid";
+
+	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+		
+		
+		StatisticLogger logger = StatisticLogger.getInstance();
+		logger.logErrorOperation(exceptionThrown);
+		
+		
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+
+			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+	
+	/**
+	 * Handles an error. <br>>
+	 * <ul>
+	 * <li>Logs the error</li>
+	 * <li>Places error message and exception thrown into the request as request
+	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+	 * <li>Sets HTTP status 500 (internal server error)</li>
+	 * </ul>
+	 * 
+	 * @param errorMessage
+	 *            error message
+	 * @param exceptionThrown
+	 *            exception thrown
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleError(String errorMessage, Throwable exceptionThrown,
+			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
+
+		if (null != errorMessage) {
+			Logger.error(errorMessage);
+			req.setAttribute("ErrorMessage", errorMessage);
+		}
+
+		if (null != exceptionThrown) {
+			if (null == errorMessage)
+				errorMessage = exceptionThrown.getMessage();
+			Logger.error(errorMessage, exceptionThrown);
+			req.setAttribute("ExceptionThrown", exceptionThrown);
+		}
+
+		if (Logger.isDebugEnabled()) {
+			req.setAttribute("LogLevel", "debug");
+		}
+
+		if (!(exceptionThrown instanceof MOAIDException)) {
+			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+			
+		}
+		
+		IExceptionStore store = DBExceptionStoreImpl.getStore();
+		String id = store.storeException(exceptionThrown);
+
+		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
+		
+			String redirectURL = null;
+
+			redirectURL = ServletUtils.getBaseUrl(req);
+			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
+					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+		
+			resp.setContentType("text/html");
+			resp.setStatus(302);
+	
+			resp.addHeader("Location", redirectURL);		
+			Logger.debug("REDIRECT TO: " + redirectURL);	
+		
+			return;
+			
+		} else {
+			
+			//Exception can not be stored in database
+			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+		}
+	}
+
+	/**
+	 * Handles a <code>WrongParametersException</code>.
+	 * 
+	 * @param req
+	 *            servlet request
+	 * @param resp
+	 *            servlet response
+	 */
+	protected void handleWrongParameters(WrongParametersException ex,
+			HttpServletRequest req, HttpServletResponse resp) {
+		Logger.error(ex.toString());
+		req.setAttribute("WrongParameters", ex.getMessage());
+
+		// forward this to errorpage-auth.jsp where the HTML error page is
+		// generated
+		ServletContext context = req.getServletContext();
+		RequestDispatcher dispatcher = context
+				.getRequestDispatcher("/errorpage-auth.jsp");
+		try {
+			setNoCachingHeaders(resp);
+			dispatcher.forward(req, resp);
+		} catch (ServletException e) {
+			Logger.error(e);
+		} catch (IOException e) {
+			Logger.error(e);
+		}
+	}
+
+	/**
+	 * Logs all servlet parameters for debugging purposes.
+	 */
+	protected void logParameters(HttpServletRequest req) {
+		for (Enumeration params = req.getParameterNames(); params
+				.hasMoreElements();) {
+			String parname = (String) params.nextElement();
+			Logger.debug("Parameter " + parname + req.getParameter(parname));
+		}
+	}
+
+	/**
+	 * Parses the request input stream for parameters, assuming parameters are
+	 * encoded UTF-8 (no standard exists how browsers should encode them).
+	 * 
+	 * @param req
+	 *            servlet request
+	 * 
+	 * @return mapping parameter name -> value
+	 * 
+	 * @throws IOException
+	 *             if parsing request parameters fails.
+	 * 
+	 * @throws FileUploadException
+	 *             if parsing request parameters fails.
+	 */
+	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
+			FileUploadException {
+
+		Map<String, String> parameters = new HashMap<String, String>();
+
+		if (ServletFileUpload.isMultipartContent(req)) {
+			// request is encoded as mulitpart/form-data
+			FileItemFactory factory = new DiskFileItemFactory();
+			ServletFileUpload upload = null;
+			upload = new ServletFileUpload(factory);
+			List items = null;
+			items = upload.parseRequest(req);
+			for (int i = 0; i < items.size(); i++) {
+				FileItem item = (FileItem) items.get(i);
+				if (item.isFormField()) {
+					// Process only form fields - no file upload items
+					String logString = item.getString("UTF-8");
+
+					// TODO use RegExp
+					String startS = "<pr:Identification><pr:Value>";
+					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
+					String logWithMaskedBaseid = logString;
+					int start = logString.indexOf(startS);
+					if (start > -1) {
+						int end = logString.indexOf(endS);
+						if (end > -1) {
+							logWithMaskedBaseid = logString.substring(0, start);
+							logWithMaskedBaseid += startS;
+							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
+							logWithMaskedBaseid += logString.substring(end,
+									logString.length());
+						}
+					}
+					parameters
+							.put(item.getFieldName(), item.getString("UTF-8"));
+					Logger.debug("Processed multipart/form-data request parameter: \nName: "
+							+ item.getFieldName()
+							+ "\nValue: "
+							+ logWithMaskedBaseid);
+				}
+			}
+		}
+
+		else {
+			// request is encoded as application/x-www-urlencoded
+			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
+			
+			/*
+			InputStream in = req.getInputStream();
+
+			String paramName;
+			String paramValueURLEncoded;
+			do {
+				paramName = new String(readBytesUpTo(in, '='));
+				if (paramName.length() > 0) {
+					paramValueURLEncoded = readBytesUpTo(in, '&');
+					String paramValue = URLDecoder.decode(paramValueURLEncoded,
+							"UTF-8");
+					parameters.put(paramName, paramValue);
+				}
+			} while (paramName.length() > 0);
+			in.close();
+			*/
+			
+			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
+			while (requestParamIt.hasNext()) {
+				Entry<String, String[]> entry = requestParamIt.next();
+				String key = entry.getKey();
+				String[] values = entry.getValue();
+				// take the last value from the value array since the legacy code above also does it this way
+				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
+			}
+			
+		}
+
+		return parameters;
+	}
+
+	/**
+	 * Reads bytes up to a delimiter, consuming the delimiter.
+	 * 
+	 * @param in
+	 *            input stream
+	 * @param delimiter
+	 *            delimiter character
+	 * @return String constructed from the read bytes
+	 * @throws IOException
+	 */
+	protected String readBytesUpTo(InputStream in, char delimiter)
+			throws IOException {
+		ByteArrayOutputStream bout = new ByteArrayOutputStream();
+		boolean done = false;
+		int b;
+		while (!done && (b = in.read()) >= 0) {
+			if (b == delimiter)
+				done = true;
+			else
+				bout.write(b);
+		}
+		return bout.toString();
+	}
+
+	/**
+	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
+	 * 
+	 * @param resp
+	 *            The HttpServletResponse.
+	 */
+	public void setNoCachingHeaders(HttpServletResponse resp) {
+		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
+		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
+		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
+		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
+	}
+
+	/**
+	 * Adds a parameter to a URL.
+	 * 
+	 * @param url
+	 *            the URL
+	 * @param paramname
+	 *            parameter name
+	 * @param paramvalue
+	 *            parameter value
+	 * @return the URL with parameter added
+	 */
+	protected static String addURLParameter(String url, String paramname,
+			String paramvalue) {
+		String param = paramname + "=" + paramvalue;
+		if (url.indexOf("?") < 0)
+			return url + "?" + param;
+		else
+			return url + "&" + param;
+	}
+
+	/**
+	 * Checks if HTTP requests are allowed
+	 * 
+	 * @param authURL
+	 *            requestURL
+	 * @throws AuthenticationException
+	 *             if HTTP requests are not allowed
+	 * @throws ConfigurationException
+	 */
+	protected void checkIfHTTPisAllowed(String authURL)
+			throws AuthenticationException, ConfigurationException {
+		// check if HTTP Connection may be allowed (through
+		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+		
+		//Removed from MOA-ID 2.0 config
+//		String boolStr = AuthConfigurationProvider
+//				.getInstance()
+//				.getGenericConfigurationParameter(
+//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+		if ((!authURL.startsWith("https:"))
+				//&& (false == BoolUtils.valueOf(boolStr))
+				)
+			throw new AuthenticationException("auth.07", new Object[] { authURL
+					+ "*" });
+
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
new file mode 100644
index 000000000..a31f3ceb0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
+
+/**
+ * Provides metadata of a certain module. Uses for module discovery and process selection.
+ */
+public interface AuthModule {
+
+	/**
+	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
+	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
+	 * handle.
+	 * <p/>
+	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
+	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
+	 * your modules behind default modules.
+	 * 
+	 * @return the priority of the module.
+	 */
+	int getPriority();
+
+	/**
+	 * Checks if the module has a process, which is able to perform an authentication with the given
+	 * {@link ExecutionContext}.
+	 * 
+	 * @param context
+	 *            an ExecutionContext for a process.
+	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
+	 */
+	String selectProcess(ExecutionContext context);
+
+	/**
+	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
+	 * 
+	 * @return an array of resource uris of the processes included in this module.
+	 */
+	String[] getProcessDefinitions();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
index a3b105cfd..8ae4a9999 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthModuleImpl.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal;
 
 import org.apache.commons.lang3.StringUtils;
 
-import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 
 /**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
deleted file mode 100644
index 088ec59d4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/AbstractAuthServletTask.java
+++ /dev/null
@@ -1,378 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.fileupload.FileItem;
-import org.apache.commons.fileupload.FileItemFactory;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.fileupload.disk.DiskFileItemFactory;
-import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import org.apache.commons.lang3.ArrayUtils;
-
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.process.springweb.AbstractSpringWebSupportedTask;
-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.storage.IExceptionStore;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-/**
- * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
- * etc.).</p> The code has been taken from {@link AuthServlet}.
- */
-public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
-
-	protected static final String ERROR_CODE_PARAM = "errorid";
-
-	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-		
-		
-		StatisticLogger logger = StatisticLogger.getInstance();
-		logger.logErrorOperation(exceptionThrown);
-		
-		
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-
-			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-	
-	/**
-	 * Handles an error. <br>>
-	 * <ul>
-	 * <li>Logs the error</li>
-	 * <li>Places error message and exception thrown into the request as request
-	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-	 * <li>Sets HTTP status 500 (internal server error)</li>
-	 * </ul>
-	 * 
-	 * @param errorMessage
-	 *            error message
-	 * @param exceptionThrown
-	 *            exception thrown
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-
-		if (!(exceptionThrown instanceof MOAIDException)) {
-			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
-			
-		}
-		
-		IExceptionStore store = DBExceptionStoreImpl.getStore();
-		String id = store.storeException(exceptionThrown);
-
-		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-		
-			String redirectURL = null;
-
-			redirectURL = ServletUtils.getBaseUrl(req);
-			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
-					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-		
-			resp.setContentType("text/html");
-			resp.setStatus(302);
-	
-			resp.addHeader("Location", redirectURL);		
-			Logger.debug("REDIRECT TO: " + redirectURL);	
-		
-			return;
-			
-		} else {
-			
-			//Exception can not be stored in database
-			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
-		}
-	}
-
-	/**
-	 * Handles a <code>WrongParametersException</code>.
-	 * 
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleWrongParameters(WrongParametersException ex,
-			HttpServletRequest req, HttpServletResponse resp) {
-		Logger.error(ex.toString());
-		req.setAttribute("WrongParameters", ex.getMessage());
-
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-			setNoCachingHeaders(resp);
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-
-	/**
-	 * Logs all servlet parameters for debugging purposes.
-	 */
-	protected void logParameters(HttpServletRequest req) {
-		for (Enumeration params = req.getParameterNames(); params
-				.hasMoreElements();) {
-			String parname = (String) params.nextElement();
-			Logger.debug("Parameter " + parname + req.getParameter(parname));
-		}
-	}
-
-	/**
-	 * Parses the request input stream for parameters, assuming parameters are
-	 * encoded UTF-8 (no standard exists how browsers should encode them).
-	 * 
-	 * @param req
-	 *            servlet request
-	 * 
-	 * @return mapping parameter name -> value
-	 * 
-	 * @throws IOException
-	 *             if parsing request parameters fails.
-	 * 
-	 * @throws FileUploadException
-	 *             if parsing request parameters fails.
-	 */
-	protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
-			FileUploadException {
-
-		Map<String, String> parameters = new HashMap<String, String>();
-
-		if (ServletFileUpload.isMultipartContent(req)) {
-			// request is encoded as mulitpart/form-data
-			FileItemFactory factory = new DiskFileItemFactory();
-			ServletFileUpload upload = null;
-			upload = new ServletFileUpload(factory);
-			List items = null;
-			items = upload.parseRequest(req);
-			for (int i = 0; i < items.size(); i++) {
-				FileItem item = (FileItem) items.get(i);
-				if (item.isFormField()) {
-					// Process only form fields - no file upload items
-					String logString = item.getString("UTF-8");
-
-					// TODO use RegExp
-					String startS = "<pr:Identification><pr:Value>";
-					String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>";
-					String logWithMaskedBaseid = logString;
-					int start = logString.indexOf(startS);
-					if (start > -1) {
-						int end = logString.indexOf(endS);
-						if (end > -1) {
-							logWithMaskedBaseid = logString.substring(0, start);
-							logWithMaskedBaseid += startS;
-							logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx";
-							logWithMaskedBaseid += logString.substring(end,
-									logString.length());
-						}
-					}
-					parameters
-							.put(item.getFieldName(), item.getString("UTF-8"));
-					Logger.debug("Processed multipart/form-data request parameter: \nName: "
-							+ item.getFieldName()
-							+ "\nValue: "
-							+ logWithMaskedBaseid);
-				}
-			}
-		}
-
-		else {
-			// request is encoded as application/x-www-urlencoded
-			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
-			
-			/*
-			InputStream in = req.getInputStream();
-
-			String paramName;
-			String paramValueURLEncoded;
-			do {
-				paramName = new String(readBytesUpTo(in, '='));
-				if (paramName.length() > 0) {
-					paramValueURLEncoded = readBytesUpTo(in, '&');
-					String paramValue = URLDecoder.decode(paramValueURLEncoded,
-							"UTF-8");
-					parameters.put(paramName, paramValue);
-				}
-			} while (paramName.length() > 0);
-			in.close();
-			*/
-			
-			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
-			while (requestParamIt.hasNext()) {
-				Entry<String, String[]> entry = requestParamIt.next();
-				String key = entry.getKey();
-				String[] values = entry.getValue();
-				// take the last value from the value array since the legacy code above also does it this way
-				parameters.put(key, ArrayUtils.isEmpty(values) ? null : values[values.length-1]); 
-			}
-			
-		}
-
-		return parameters;
-	}
-
-	/**
-	 * Reads bytes up to a delimiter, consuming the delimiter.
-	 * 
-	 * @param in
-	 *            input stream
-	 * @param delimiter
-	 *            delimiter character
-	 * @return String constructed from the read bytes
-	 * @throws IOException
-	 */
-	protected String readBytesUpTo(InputStream in, char delimiter)
-			throws IOException {
-		ByteArrayOutputStream bout = new ByteArrayOutputStream();
-		boolean done = false;
-		int b;
-		while (!done && (b = in.read()) >= 0) {
-			if (b == delimiter)
-				done = true;
-			else
-				bout.write(b);
-		}
-		return bout.toString();
-	}
-
-	/**
-	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
-	 * 
-	 * @param resp
-	 *            The HttpServletResponse.
-	 */
-	public void setNoCachingHeaders(HttpServletResponse resp) {
-		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-	}
-
-	/**
-	 * Adds a parameter to a URL.
-	 * 
-	 * @param url
-	 *            the URL
-	 * @param paramname
-	 *            parameter name
-	 * @param paramvalue
-	 *            parameter value
-	 * @return the URL with parameter added
-	 */
-	protected static String addURLParameter(String url, String paramname,
-			String paramvalue) {
-		String param = paramname + "=" + paramvalue;
-		if (url.indexOf("?") < 0)
-			return url + "?" + param;
-		else
-			return url + "&" + param;
-	}
-
-	/**
-	 * Checks if HTTP requests are allowed
-	 * 
-	 * @param authURL
-	 *            requestURL
-	 * @throws AuthenticationException
-	 *             if HTTP requests are not allowed
-	 * @throws ConfigurationException
-	 */
-	protected void checkIfHTTPisAllowed(String authURL)
-			throws AuthenticationException, ConfigurationException {
-		// check if HTTP Connection may be allowed (through
-		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		
-		//Removed from MOA-ID 2.0 config
-//		String boolStr = AuthConfigurationProvider
-//				.getInstance()
-//				.getGenericConfigurationParameter(
-//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-		if ((!authURL.startsWith("https:"))
-				//&& (false == BoolUtils.valueOf(boolStr))
-				)
-			throw new AuthenticationException("auth.07", new Object[] { authURL
-					+ "*" });
-
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index 4bcf717c5..bc73a9f2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -9,13 +9,13 @@ import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang3.BooleanUtils;
 
 import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -37,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger;
  * </ul>
  * Result:
  * <ul>
- * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code {/VerifyCertificate}</li>
+ * <li>Responds with {@code InfoBoxReadRequest} (for CCE), {@code DataURL} is {@code /VerifyCertificate}</li>
  * </ul>
  * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet}.
  * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index 08030e623..4cd1ea94e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -14,6 +14,7 @@ import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 4e535b83d..4771628a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -23,6 +23,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.client.SZRGWClientException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index 6714dfb53..f08f96782 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -20,6 +20,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index d7b35236e..36d6ea555 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -11,6 +11,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 060bdf72c..1e1a4df89 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -24,6 +24,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index af0c4c897..32ea7fe3a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -18,6 +18,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 75fdd19aa..bf10b3681 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
new file mode 100644
index 000000000..c2a34ff21
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.auth.modules.registration;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.ServiceLoader;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.core.io.Resource;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * This class handles registering modules. The modules are detected either with
+ * the ServiceLoader mechanism or via Spring. All detected modules are ranked
+ * according to their priority.
+ */
+public class ModuleRegistration {
+
+	private static ModuleRegistration instance = new ModuleRegistration();
+
+	private List<AuthModule> priorizedModules = new ArrayList<>();
+
+	@Autowired
+	private ApplicationContext ctx;
+
+	@Autowired
+	private ProcessEngine processEngine;
+
+	private Logger log = LoggerFactory.getLogger(getClass());
+
+	public static ModuleRegistration getInstance() {
+		return instance;
+	}
+
+	private ModuleRegistration() {
+	}
+
+	@PostConstruct
+	private void init() {
+		// load modules via the ServiceLoader
+		initServiceLoaderModules();
+
+		// load modules via Spring
+		initSpringModules();
+
+		// order modules according to their priority
+		sortModules();
+	}
+	
+	/**
+	 * Discovers modules which use the ServiceLoader mechanism.
+	 */
+	private void initServiceLoaderModules() {
+		log.info("Looking for auth modules.");
+		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
+		Iterator<AuthModule> modules = loader.iterator();
+		while (modules.hasNext()) {
+			AuthModule module = modules.next();
+			log.info("Detected module {}", module.getClass().getName());
+			registerModuleProcessDefinitions(module);
+			priorizedModules.add(module);
+		}
+	}
+
+	/**
+	 * Discovers modules which use Spring.
+	 */
+	private void initSpringModules() {
+		log.debug("Discovering Spring modules.");
+		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
+		for (AuthModule module : modules.values()) {
+			registerModuleProcessDefinitions(module);
+			priorizedModules.add(module);
+		}
+	}
+
+	/**
+	 * Registers the resource uris for the module.
+	 * 
+	 * @param module
+	 *            the module.
+	 */
+	private void registerModuleProcessDefinitions(AuthModule module) {
+		for (String uri : module.getProcessDefinitions()) {
+			Resource resource = ctx.getResource(uri);
+			if (resource.isReadable()) {
+				log.info("Registering process definition '{}'.", uri);
+				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
+					processEngine.registerProcessDefinition(processDefinitionInputStream);
+				} catch (IOException e) {
+					log.error("Process definition '{}' could NOT be read.", uri, e);
+				} catch (ProcessDefinitionParserException e) {
+					log.error("Error while parsing process definition '{}'", uri, e);
+				}
+			} else {
+				log.error("Process definition '{}' cannot be read.", uri);
+			}
+		}
+	}
+
+	/**
+	 * Order the modules in descending order according to their priority.
+	 */
+	private void sortModules() {
+		Collections.sort(priorizedModules, new Comparator<AuthModule>() {
+			@Override
+			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
+				int thisOrder = thisAuthModule.getPriority();
+				int otherOrder = otherAuthModule.getPriority();
+				return (thisOrder < otherOrder ? -1 : (thisOrder == otherOrder ? 0 : 1));
+			}
+		});
+	}
+
+	/**
+	 * Returns the process id of the first process, in the highest ranked
+	 * module, which is able to work with the given execution context.
+	 * 
+	 * @param context
+	 *            the {@link ExecutionContext}.
+	 * @return the process id or {@code null}
+	 */
+	public String selectProcess(ExecutionContext context) {
+		for (AuthModule module : priorizedModules) {
+			String id = module.selectProcess(context);
+			if (StringUtils.isNotEmpty(id)) {
+				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
+				return id;
+			}
+		}
+		log.info("No process is able to handle context '{}'.", context);
+		return null;
+	}
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
deleted file mode 100644
index 55a7907ed..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork;
-
-import org.apache.commons.lang3.StringUtils;
-
-import at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * Module descriptor for an auth module providing stork authentication related processes.
- * @author tknall
- */
-public class STORKAuthModuleImpl implements AuthModule {
-	
-	private int priority = 0;
-
-	@Override
-	public int getPriority() {
-		return priority;
-	}
-
-	/**
-	 * Sets the priority of this module. Default value is {@code 0}.
-	 * @param priority The priority.
-	 */
-	public void setPriority(int priority) {
-		this.priority = priority;
-	}
-
-	@Override
-	public String selectProcess(ExecutionContext context) {
-		return StringUtils.isNotBlank((String) context.get("ccc")) ? "STORKAuthentication" : null;
-	}
-
-	@Override
-	public String[] getProcessDefinitions() {
-		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml" };
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
deleted file mode 100644
index 7478a57c3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork;
-
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRegistration;
-
-import org.springframework.web.WebApplicationInitializer;
-
-import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
-
-/**
- * Spring automatically discovers {@link WebApplicationInitializer} implementations at startup.<br/>
- * This STORK webapp initializer adds the required servlet mappings:
- * <ul>
- * <li>{@code /PEPSConnector}</li>
- * <li>{@code /PEPSConnectorWithLocalSigning}</li>
- * </ul>
- * for the {@linkplain ProcessEngineSignalServlet process engine servlet} (named {@code ProcessEngineSignal}) that wakes
- * up a process in order to execute asynchronous tasks. Therefore the servlet mappings mentioned above do not need to be
- * declared in {@code web.xml}.
- * 
- * @author tknall
- * @see ProcessEngineSignalServlet
- */
-public class STORKWebApplicationInitializer implements WebApplicationInitializer {
-
-	@Override
-	public void onStartup(ServletContext servletContext) throws ServletException {
-		ServletRegistration servletRegistration = servletContext.getServletRegistration("ProcessEngineSignal");
-		if (servletRegistration == null) {
-			throw new IllegalStateException("Servlet 'ProcessEngineSignal' expected to be registered.");
-		}
-		servletRegistration.addMapping("/PEPSConnectorWithLocalSigning");
-		servletRegistration.addMapping("/PEPSConnector");
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
deleted file mode 100644
index 202e405ef..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
+++ /dev/null
@@ -1,223 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.cert.CertificateException;
-import java.util.HashMap;
-
-import javax.activation.DataSource;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.commons.io.IOUtils;
-import org.xml.sax.SAXException;
-
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.BKUException;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.ServiceException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.MOAException;
-import at.gv.egovernment.moa.spss.api.SPSSFactory;
-import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
-import at.gv.egovernment.moa.spss.api.common.Content;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.api.exceptions.UtilsException;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-
-public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
-
-	String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
-			TransformerConfigurationException, UtilsException, TransformerException,
-			TransformerFactoryConfigurationError, IOException, ApiUtilsException {
-		// fetch signed doc
-		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
-		if (ds == null) {
-			throw new ApiUtilsException("No datasource found in response");
-		}
-
-		InputStream incoming = ds.getInputStream();
-		String citizenSignature = IOUtils.toString(incoming);
-		incoming.close();
-
-		return citizenSignature;
-	}
-
-	void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
-			String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
-		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
-		Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
-		Logger.debug("fetching OAParameters from database");
-
-		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-				moaSession.getPublicOAURLPrefix());
-		if (oaParam == null)
-			throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
-		// retrieve target
-		// TODO: check in case of SSO!!!
-		String targetType = null;
-		if (oaParam.getBusinessService()) {
-			String id = oaParam.getIdentityLinkDomainIdentifier();
-			if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-				targetType = id;
-			else
-				targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
-		} else {
-			targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-		}
-
-		Logger.debug("Starting connecting SZR Gateway");
-		// contact SZR Gateway
-		IdentityLink identityLink = null;
-
-		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
-				targetType, null, oaParam.getMandateProfiles(), citizenSignature);
-		Logger.debug("SZR communication was successfull");
-
-		if (identityLink == null) {
-			Logger.error("SZR Gateway did not return an identity link.");
-			throw new MOAIDException("stork.10", null);
-		}
-		Logger.info("Received Identity Link from SZR Gateway");
-		moaSession.setIdentityLink(identityLink);
-
-		Logger.debug("Adding addtional STORK attributes to MOA session");
-		moaSession.setStorkAttributes(personalAttributeList);
-
-		// We don't have BKUURL, setting from null to "Not applicable"
-		moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
-		// free for single use
-		moaSession.setAuthenticatedUsed(false);
-
-		// stork did the authentication step
-		moaSession.setAuthenticated(true);
-
-		// TODO: found better solution, but QAA Level in response could be not supported yet
-		try {
-			if (authnContextClassRef == null)
-				authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
-			moaSession.setQAALevel(authnContextClassRef);
-
-		} catch (Throwable e) {
-			Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-			moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
-		}
-
-	}
-
-	X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
-			UnsupportedEncodingException {
-		JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
-		SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
-				IOUtils.toInputStream(citizenSignature))).getValue();
-
-		// extract certificate
-		for (Object current : root.getKeyInfo().getContent())
-			if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
-				for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
-						.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
-					JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
-					if (casted.getName().getLocalPart().equals("X509Certificate")) {
-						return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
-					}
-				}
-			}
-		return null;
-	}
-
-	VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
-			BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
-			SAXException, IOException, ParserConfigurationException, MOAException {
-		// Based on MOA demo client
-		// Factory und Service instanzieren
-		SPSSFactory spssFac = SPSSFactory.getInstance();
-		SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
-
-		Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
-
-		// Position der zu prüfenden Signatur im Dokument angeben
-		// (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
-		// der damit bezeichnete Namenraum mitgegeben werden)
-		HashMap nSMap = new HashMap();
-		nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
-		VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
-
-		// Zu prüfendes Dokument und Signaturposition zusammenfassen
-
-		VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
-
-		// Prüfrequest zusammenstellen
-		VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
-																								// angegeben, wird
-																								// aktuelle Zeit
-																								// verwendet
-				sigInfo, null, // Keine Ergänzungsobjekte notwendig
-				null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
-				false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
-				"MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
-		// "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
-
-		VerifyXMLSignatureResponse verifyResponse = null;
-		try {
-			// Aufruf der Signaturprüfung
-			verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
-		} catch (MOAException e) {
-			// Service liefert Fehler
-			System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
-			System.err.println("Fehlercode: " + e.getMessageId());
-			System.err.println("Fehlernachricht: " + e.getMessage());
-			throw e;
-		}
-
-		return verifyResponse;
-	}
-
-	at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
-			VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
-		at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
-		response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
-		response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
-		// response.setPublicAuthorityCode(publicAuthorityCode)
-		response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
-		response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
-		response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
-		// response.setSigningDateTime()
-		// response.setX509certificate(x509certificate)
-		response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
-		// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
-		// response.setXmlDsigSubjectName(xmlDsigSubjectName)
-		return response;
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
deleted file mode 100644
index ec7ee04a6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ /dev/null
@@ -1,112 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang3.StringUtils;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-
-/**
- * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
- * In detail:
- * <ul>
- * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
- * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
- * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
- * <ul>
- * <li>Creates and signs a SAML2 stork authentication request.</li>
- * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
- * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
- * <li>Writes the form to the response output stream.</li>
- * </ul>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
- * <li>Property {@code ccc} set within the moa session.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
- * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
- * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
- * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
- * </ul>
- * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
- * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
-
-	/**
-	 * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
-	 */
-	public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
-			throws Exception {
-
-		String pendingRequestID = null;
-		String sessionID = null;
-		try {
-			setNoCachingHeaders(resp);
-
-			sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
-			// check parameter
-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
-				throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
-			}
-			AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
-			if (StringUtils.isEmpty(moasession.getCcc())) {
-				// illegal state; task should not have been executed without a selected country
-				throw new AuthenticationException("stork.22", new Object[] { sessionID });
-			}
-			STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-			if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
-				throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
-			}
-
-			// STORK authentication
-			// cpeps cannot be null
-			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
-			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
-
-			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
-			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
-
-		} catch (MOAIDException ex) {
-			handleError(null, ex, req, resp, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
-			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
deleted file mode 100644
index 077bb2dee..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ /dev/null
@@ -1,216 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-
-/**
- * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
- * <p/>
- * In detail:
- * <ul>
- * <li>Changes moa session id.</li>
- * <li>Decodes and validates the sign response, extracting the citizen's signature.</li>
- * <li>Verifies the citizen's signature.</li>
- * <li>Create {@code signedDoc} attribute.</li>
- * <li>Retrieve identity link from SZR gateway using the citizen's signature.</li>
- * <li>If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link.
- * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the
- * {@code /PepsConnectorWithLocalSigning} servlet (this task).</li>
- * <li>The moa session is updated with authentication information.</li>
- * <li>Change moa session id.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code moaSessionID}</li>
- * <li>HttpServletRequest parameter {@code signresponse}</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa id session (signed auth block, signer certificate etc.)</li>
- * <li>Redirect to {@code /dispatcher}.</li>
- * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case the szr gateway throws exception due to missing gender information:
- * <ul>
- * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-
-		if (moaSessionID != null && signResponse != null) {
-			// redirect from oasis with signresponse
-			handleSignResponse(executionContext, request, response);
-		} else {
-			// should not occur
-			throw new IOException("should not occur");
-		}
-		return;
-	}
-
-	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
-		Logger.info("handleSignResponse started");
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-		String pendingRequestID = null;
-		try {
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-			Logger.info("pendingRequestID:" + pendingRequestID);
-			String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
-			Logger.info("RECEIVED signresponse:" + signResponseString);
-			// create SignResponse object
-			Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
-			SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
-
-			// SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
-			// java.io.StringReader(Base64.signResponse)));
-
-			String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
-
-			// memorize signature into authblock
-			moaSession.setAuthBlock(citizenSignature);
-
-			X509Certificate cert = getSignerCertificate(citizenSignature);
-			moaSession.setSignerCertificate(cert);
-			VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
-			at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
-
-			moaSession.setXMLVerifySignatureResponse(tmp);
-			executionContext.put("identityLinkAvailable", false);
-			try {
-				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
-				// Add SignResponse TODO Add signature (extracted from signResponse)?
-				List<String> values = new ArrayList<String>();
-				values.add(signResponseString);
-				// values.add(citizenSignature);
-				Logger.debug("Assembling signedDoc attribute");
-				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
-				personalAttributeList.add(signedDocAttribute);
-
-				String authnContextClassRef = moaSession.getAuthnContextClassRef();
-				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
-				executionContext.put("identityLinkAvailable", true);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
-			moaSession.setForeigner(true);
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			response.sendRedirect(redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
deleted file mode 100644
index 3338804b4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ /dev/null
@@ -1,439 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.Source;
-import javax.xml.transform.stream.StreamSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.profile.SignRequest;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Validates the SAML response from C-PEPS.
- * <p/>
- * In detail:
- * <ul>
- * <li>Decodes and validates SAML response from C-PEPS.</li>
- * <li>Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.</li>
- * <li>Store saml response in moa session.</li>
- * <li>Change moa session id.</li>
- * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code moaSessionID} <strong>to be {@code null}</strong></li>
- * <li>HttpServletRequest parameter {@code signresponse} <strong>to be {@code null}</strong></li>
- * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
- * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa session (with saml response).</li>
- * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask {
-
-	private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";
-	// load from config below
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String moaSessionID = request.getParameter("moaSessionID");
-		String signResponse = request.getParameter("signresponse");
-		Logger.info("moaSessionID:" + moaSessionID);
-		Logger.info("signResponse:" + signResponse);
-
-		if (moaSessionID == null && signResponse == null) {
-			// normal saml response
-			handleSAMLResponse(executionContext, request, response);
-
-		} else {
-			// should not occur
-			throw new IOException("should not occur");
-		}
-		return;
-	}
-
-	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) {
-		Logger.info("handleSAMLResponse started");
-		String pendingRequestID = null;
-
-		setNoCachingHeaders(response);
-		try {
-			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
-			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
-
-			Logger.trace("No Caching headers set for HTTP response");
-
-			// check if https or only http
-			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
-
-			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
-
-			// extract STORK Response from HTTP Request
-			// Decodes SAML Response
-			byte[] decSamlToken;
-			try {
-				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
-				Logger.debug("SAMLResponse: " + new String(decSamlToken));
-
-			} catch (NullPointerException e) {
-				Logger.error("Unable to retrieve STORK Response", e);
-				throw new MOAIDException("stork.04", null);
-			}
-
-			// Get SAMLEngine instance
-			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
-
-			STORKAuthnResponse authnResponse = null;
-			try {
-				// validate SAML Token
-				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
-				Logger.info("SAML response succesfully verified!");
-			} catch (STORKSAMLEngineException e) {
-				Logger.error("Failed to verify STORK SAML Response", e);
-				throw new MOAIDException("stork.05", null);
-			}
-
-			Logger.info("STORK SAML Response message succesfully extracted");
-			Logger.debug("STORK response: ");
-			Logger.debug(authnResponse.toString());
-
-			Logger.debug("Trying to find MOA Session-ID ...");
-			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
-			// first use SAML2 relayState
-			String moaSessionID = request.getParameter("RelayState");
-
-			// escape parameter strings
-			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-			// check if SAML2 relaystate includes a MOA sessionID
-			if (StringUtils.isEmpty(moaSessionID)) {
-				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
-
-				moaSessionID = authnResponse.getInResponseTo();
-				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-				if (StringUtils.isEmpty(moaSessionID)) {
-					// No authentication session has been started before
-					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
-					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
-					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
-
-				} else
-					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
-
-			} else
-				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
-				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
-
-			/*
-			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
-			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
-			 */
-			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
-			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Found MOA sessionID: " + moaSessionID);
-
-			String statusCodeValue = authnResponse.getStatusCode();
-
-			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
-				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
-				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
-			}
-
-			Logger.info("Got SAML response with authentication success message.");
-
-			Logger.debug("MOA session is still valid");
-
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
-
-			if (storkAuthnRequest == null) {
-				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-				throw new MOAIDException("stork.07", null);
-			}
-
-			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
-			// //////////// incorporate gender from parameters if not in stork response
-
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
-
-			// but first, check if we have a representation case
-			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
-					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
-					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
-				// in a representation case...
-				moaSession.setUseMandate("true");
-
-				// and check if we have the gender value
-				PersonalAttribute gender = attributeList.get("gender");
-				if (null == gender) {
-					String gendervalue = (String) request.getParameter("gender");
-					if (null != gendervalue) {
-						gender = new PersonalAttribute();
-						gender.setName("gender");
-						ArrayList<String> tmp = new ArrayList<String>();
-						tmp.add(gendervalue);
-						gender.setValue(tmp);
-
-						authnResponse.getPersonalAttributeList().add(gender);
-					}
-				}
-			}
-
-			
-			
-			// ////////////////////////////////////////////////////////////////////////
-
-			Logger.debug("Starting extraction of signedDoc attribute");
-			// extract signed doc element and citizen signature
-			String citizenSignature = null;
-			try {
-				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
-				String signatureInfo = null;
-				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
-				if (signedDoc != null) {
-					signatureInfo = signedDoc.getValue().get(0);
-					// should not occur
-				} else {
-
-					// store SAMLResponse
-					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
-					// store authnResponse
-
-					// moaSession.setAuthnResponse(authnResponse);//not serializable
-					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
-
-					String authnContextClassRef = null;
-					try {
-						authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
-								.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
-					} catch (Throwable e) {
-						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-					}
-
-					moaSession.setAuthnContextClassRef(authnContextClassRef);
-					moaSession.setReturnURL(request.getRequestURL());
-
-					// load signedDoc
-					String signRequest = moaSession.getSignedDoc();
-
-					// session is implicit stored in changeSessionID!!!!
-					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
-					// signRequest
-
-					String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-					String acsURL = issuerValue
-							+ PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
-
-					String url = acsURL + "?moaSessionID=" + newMOASessionID;
-					// redirect to OASIS module and sign there
-
-					boolean found = false;
-					try {
-						List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
-								.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
-						Logger.info("Found AttributeProviderPlugins:" + aps.size());
-						for (AttributeProviderPlugin ap : aps) {
-							Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
-							if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
-								// FIXME: A servlet's class field is not thread safe!!!
-								oasisDssWebFormURL = ap.getUrl();
-								found = true;
-								Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL);
-								break;
-							}
-						}
-					} catch (Exception e) {
-						e.printStackTrace();
-						Logger.error("Loading the signedDoc attribute provider url from config failed");
-					}
-					if (!found) {
-						Logger.error("Failed to load the signedDoc attribute provider url from config");
-					}
-					performRedirect(url, request, response, signRequest);
-
-					return;
-				}
-				
-				// FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here?
-				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
-						new java.io.StringReader(signatureInfo)));
-
-				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
-
-				// memorize signature into authblock
-				moaSession.setAuthBlock(citizenSignature);
-
-				X509Certificate cert = getSignerCertificate(citizenSignature);
-				moaSession.setSignerCertificate(cert);
-				moaSession.setForeigner(true);
-
-			} catch (Throwable e) {
-				Logger.error("Could not extract citizen signature from C-PEPS", e);
-				throw new MOAIDException("stork.09", null);
-			}
-
-			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
-			try {
-				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
-						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
-						.getAuthnContextClassRef(), citizenSignature);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
-																					// authnResponse?
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			response.setContentType("text/html");
-			response.setStatus(302);
-			response.addHeader("Location", redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-
-	}
-
-	private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
-			throws MOAIDException {
-
-		try {
-			Logger.trace("Initialize VelocityEngine...");
-
-			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
-			VelocityContext context = new VelocityContext();
-
-			Logger.debug("performRedirect, signrequest:" + signRequestString);
-			Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
-			SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
-			signRequest.setReturnURL("TODO");
-			signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
-			context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
-			context.put("clienturl", url);
-			context.put("action", oasisDssWebFormURL);
-
-			StringWriter writer = new StringWriter();
-			template.merge(context, writer);
-
-			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-		} catch (Exception e) {
-			Logger.error("Error sending DSS signrequest.", e);
-			throw new MOAIDException("stork.11", null);
-		}
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
deleted file mode 100644
index 3fb4fb0a9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ /dev/null
@@ -1,566 +0,0 @@
-package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
-
-import iaik.x509.X509Certificate;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-
-import javax.activation.DataSource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.ws.BindingProvider;
-import javax.xml.ws.Service;
-import javax.xml.ws.soap.SOAPBinding;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.velocity.Template;
-import org.apache.velocity.VelocityContext;
-import org.apache.velocity.app.VelocityEngine;
-import org.opensaml.saml2.core.StatusCode;
-
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.modules.internal.tasks.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.stork.STORKException;
-import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.VelocityProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.util.xsd.xmldsig.SignatureType;
-import at.gv.util.xsd.xmldsig.X509DataType;
-import eu.stork.documentservice.DocumentService;
-import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
-import eu.stork.oasisdss.api.ApiUtils;
-import eu.stork.oasisdss.api.LightweightSourceResolver;
-import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
-import eu.stork.oasisdss.profile.DocumentType;
-import eu.stork.oasisdss.profile.DocumentWithSignature;
-import eu.stork.oasisdss.profile.SignResponse;
-import eu.stork.peps.auth.commons.IPersonalAttributeList;
-import eu.stork.peps.auth.commons.PEPSUtil;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
-import eu.stork.peps.auth.commons.STORKAuthnRequest;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
-import eu.stork.peps.auth.engine.STORKSAMLEngine;
-import eu.stork.peps.exceptions.STORKSAMLEngineException;
-
-/**
- * Evaluates the SAML response from the C-PEPS and authenticates the user.
- * <p/>
- * In detail:
- * <ul>
- * <li>Decodes and validates the SAML response from the C-PEPS.</li>
- * <li>Change moa session id.</li>
- * <li>Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.</li>
- * <li>Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.</li>
- * <li>Request SZR gateway for verification of the citizen's signature and for creating of an identity link.</li>
- * <li>In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).</li>
- * <li>The moa session is updated with authentication information.</li>
- * <li>Change moa session id.</li>
- * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
- * </ul>
- * Expects:
- * <ul>
- * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
- * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)</li>
- * <li>HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form</li>
- * <li>{@code signedDoc} attribute within the SAML response.</li>
- * </ul>
- * Result:
- * <ul>
- * <li>Updated moa id session (identity link, stork attributes...)</li>
- * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
- * <li>Redirect to {@code /dispatcher}.</li> 
- * </ul>
- * Possible branches:
- * <ul>
- * <li>In case the szr gateway throws exception due to missing gender information:
- * <ul>
- * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
- * </ul>
- * </li>
- * </ul>
- * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.<br/>
- *
- * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
- */
-public class PepsConnectorTask extends AbstractAuthServletTask {
-
-	private String dtlUrl = null;
-
-	public PepsConnectorTask() {
-		super();
-		Properties props = new Properties();
-		try {
-			props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
-			dtlUrl = props.getProperty("docservice.url");
-		} catch (IOException e) {
-			dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
-			Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
-			e.printStackTrace();
-		}
-	}
-
-	@Override
-	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
-			throws Exception {
-		String pendingRequestID = null;
-
-		setNoCachingHeaders(response);
-
-		try {
-
-			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
-			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
-
-			// check if https or only http
-			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
-
-			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
-
-			// extract STORK Response from HTTP Request
-			// Decodes SAML Response
-			byte[] decSamlToken;
-			try {
-				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
-				Logger.debug("SAMLResponse: " + new String(decSamlToken));
-
-			} catch (NullPointerException e) {
-				Logger.error("Unable to retrieve STORK Response", e);
-				throw new MOAIDException("stork.04", null);
-			}
-
-			// Get SAMLEngine instance
-			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
-
-			STORKAuthnResponse authnResponse = null;
-			try {
-				// validate SAML Token
-				Logger.debug("Starting validation of SAML response");
-				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
-				Logger.info("SAML response succesfully verified!");
-			} catch (STORKSAMLEngineException e) {
-				Logger.error("Failed to verify STORK SAML Response", e);
-				throw new MOAIDException("stork.05", null);
-			}
-
-			Logger.info("STORK SAML Response message succesfully extracted");
-			Logger.debug("STORK response: ");
-			Logger.debug(authnResponse.toString());
-
-			Logger.debug("Trying to find MOA Session-ID ...");
-			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
-			// first use SAML2 relayState
-			String moaSessionID = request.getParameter("RelayState");
-
-			// escape parameter strings
-			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-			// check if SAML2 relaystate includes a MOA sessionID
-			if (StringUtils.isEmpty(moaSessionID)) {
-				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
-
-				moaSessionID = authnResponse.getInResponseTo();
-				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
-
-				if (StringUtils.isEmpty(moaSessionID)) {
-					// No authentication session has been started before
-					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
-					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
-					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
-
-				} else
-					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
-
-			} else
-				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
-				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
-
-			/*
-			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
-			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
-			 */
-			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
-			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
-
-			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
-
-			// load MOASession from database
-			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-			// change MOASessionID
-			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Found MOA sessionID: " + moaSessionID);
-
-			String statusCodeValue = authnResponse.getStatusCode();
-
-			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
-				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
-				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
-			}
-
-			Logger.info("Got SAML response with authentication success message.");
-
-			Logger.debug("MOA session is still valid");
-
-			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
-
-			if (storkAuthnRequest == null) {
-				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-				throw new MOAIDException("stork.07", null);
-			}
-
-			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
-
-			// //////////// incorporate gender from parameters if not in stork response
-
-			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
-
-			// but first, check if we have a representation case
-			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
-					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
-					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
-				// in a representation case...
-				moaSession.setUseMandate("true");
-
-				// and check if we have the gender value
-				PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if
-																		// there is no representation case?
-				if (null == gender) {
-					String gendervalue = (String) request.getParameter("gender");
-					if (null != gendervalue) {
-						gender = new PersonalAttribute();
-						gender.setName("gender");
-						ArrayList<String> tmp = new ArrayList<String>();
-						tmp.add(gendervalue);
-						gender.setValue(tmp);
-
-						authnResponse.getPersonalAttributeList().add(gender);
-					}
-				}
-			}
-
-			// ////////////////////////////////////////////////////////////////////////
-
-			Logger.debug("Starting extraction of signedDoc attribute");
-			// extract signed doc element and citizen signature
-			String citizenSignature = null;
-			try {
-				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
-
-				Logger.debug("signatureInfo:" + signatureInfo);
-
-				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
-						new java.io.StringReader(signatureInfo)));
-
-				// fetch signed doc
-				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
-				if (ds == null) {
-					throw new ApiUtilsException("No datasource found in response");
-				}
-
-				InputStream incoming = ds.getInputStream();
-				citizenSignature = IOUtils.toString(incoming);
-				incoming.close();
-
-				Logger.debug("citizenSignature:" + citizenSignature);
-				if (isDocumentServiceUsed(citizenSignature) == true) {
-					Logger.debug("Loading document from DocumentService.");
-					String url = getDtlUrlFromResponse(dssSignResponse);
-					// get Transferrequest
-					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
-					// Load document from DocujmentService
-					byte[] data = getDocumentFromDtl(transferRequest, url);
-					citizenSignature = new String(data, "UTF-8");
-					Logger.debug("Overridung citizenSignature with:" + citizenSignature);
-				}
-
-				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
-				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
-						IOUtils.toInputStream(citizenSignature))).getValue();
-
-				// memorize signature into authblock
-				moaSession.setAuthBlock(citizenSignature);
-
-				// extract certificate
-				for (Object current : root.getKeyInfo().getContent())
-					if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
-						for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
-								.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
-							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
-							if (casted.getName().getLocalPart().equals("X509Certificate")) {
-								moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue())
-										.getBytes("UTF-8")));
-								break;
-							}
-						}
-					}
-
-			} catch (Throwable e) {
-				Logger.error("Could not extract citizen signature from C-PEPS", e);
-				throw new MOAIDException("stork.09", null);
-			}
-			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
-			Logger.debug("Citizen signature will be verified by SZR Gateway!");
-
-			Logger.debug("fetching OAParameters from database");
-
-			// //read configuration paramters of OA
-			// AuthenticationSession moasession;
-			// try {
-			// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
-			// } catch (MOADatabaseException e2) {
-			// Logger.error("could not retrieve moa session");
-			// throw new AuthenticationException("auth.01", null);
-			// }
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
-					moaSession.getPublicOAURLPrefix());
-			if (oaParam == null)
-				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
-
-			// retrieve target
-			// TODO: check in case of SSO!!!
-			String targetType = null;
-			if (oaParam.getBusinessService()) {
-				String id = oaParam.getIdentityLinkDomainIdentifier();
-				if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
-					targetType = id;
-				else
-					targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
-			} else {
-				targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
-			}
-
-			Logger.debug("Starting connecting SZR Gateway");
-			// contact SZR Gateway
-			IdentityLink identityLink = null;
-			executionContext.put("identityLinkAvailable", false);
-			try {
-				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
-						oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature);
-			} catch (STORKException e) {
-				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
-				// from
-				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
-				// gender for the represented person. So here comes the dirty hack.
-				if (e.getCause() instanceof STORKException
-						&& e.getCause().getMessage().equals("gender not found in response")) {
-					try {
-						Logger.trace("Initialize VelocityEngine...");
-
-						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
-						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
-						VelocityContext context = new VelocityContext();
-						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
-						context.put("action", request.getRequestURL());
-
-						StringWriter writer = new StringWriter();
-						template.merge(context, writer);
-
-						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
-					} catch (Exception e1) {
-						Logger.error("Error sending gender retrival form.", e1);
-						// httpSession.invalidate();
-						throw new MOAIDException("stork.10", null);
-					}
-
-					return;
-				}
-
-				Logger.error("Error connecting SZR Gateway", e);
-				throw new MOAIDException("stork.10", null);
-			}
-			Logger.debug("SZR communication was successfull");
-
-			if (identityLink == null) {
-				Logger.error("SZR Gateway did not return an identity link.");
-				throw new MOAIDException("stork.10", null);
-			}
-			moaSession.setForeigner(true);
-
-			Logger.info("Received Identity Link from SZR Gateway");
-			executionContext.put("identityLinkAvailable", true);
-			moaSession.setIdentityLink(identityLink);
-
-			Logger.debug("Adding addtional STORK attributes to MOA session");
-			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
-
-			Logger.debug("Add full STORK AuthnResponse to MOA session");
-			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
-
-			// We don't have BKUURL, setting from null to "Not applicable"
-			moaSession.setBkuURL("Not applicable (STORK Authentication)");
-
-			// free for single use
-			moaSession.setAuthenticatedUsed(false);
-
-			// stork did the authentication step
-			moaSession.setAuthenticated(true);
-
-			// TODO: found better solution, but QAA Level in response could be not supported yet
-			try {
-
-				moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
-						.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
-
-			} catch (Throwable e) {
-				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
-				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
-
-			}
-
-			// session is implicit stored in changeSessionID!!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
-
-			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
-
-			// redirect
-			String redirectURL = null;
-			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
-					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
-					newMOASessionID);
-			redirectURL = response.encodeRedirectURL(redirectURL);
-
-			// response.setContentType("text/html");
-			// response.setStatus(302);
-			// response.addHeader("Location", redirectURL);
-			response.sendRedirect(redirectURL);
-			Logger.info("REDIRECT TO: " + redirectURL);
-
-		} catch (AuthenticationException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (MOAIDException e) {
-			handleError(null, e, request, response, pendingRequestID);
-
-		} catch (Exception e) {
-			Logger.error("PEPSConnector has an interal Error.", e);
-		}
-
-		finally {
-			ConfigurationDBUtils.closeSession();
-		}
-
-	}
-
-	private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check
-	{
-		if (citizenSignature
-				.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
-			return true;
-		return false;
-	}
-
-	/**
-	 * Get DTL uril from the oasis sign response
-	 * 
-	 * @param signRequest
-	 *            The signature response
-	 * @return The URL of DTL service
-	 * @throws SimpleException
-	 */
-	private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
-		List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
-				ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
-		DocumentType sourceDocument = documents.get(0).getDocument();
-
-		if (sourceDocument.getDocumentURL() != null)
-			return sourceDocument.getDocumentURL();
-		else
-			return null;// throw new Exception("No document url found");
-	}
-
-	// From DTLPEPSUTIL
-
-	/**
-	 * Get document from DTL
-	 * 
-	 * @param transferRequest
-	 *            The transfer request (attribute query)
-	 * @param eDtlUrl
-	 *            The DTL url of external DTL
-	 * @return the document data
-	 * @throws SimpleException
-	 */
-	private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception {
-		URL url = null;
-		try {
-			url = new URL(dtlUrl);
-			QName qname = new QName("http://stork.eu", "DocumentService");
-
-			Service service = Service.create(url, qname);
-			DocumentService docservice = service.getPort(DocumentService.class);
-
-			BindingProvider bp = (BindingProvider) docservice;
-			SOAPBinding binding = (SOAPBinding) bp.getBinding();
-			binding.setMTOMEnabled(true);
-
-			if (eDtlUrl.equalsIgnoreCase(dtlUrl))
-				return docservice.getDocument(transferRequest, "");
-			else
-				return docservice.getDocument(transferRequest, eDtlUrl);
-		} catch (Exception e) {
-			e.printStackTrace();
-			throw new Exception("Error in getDocumentFromDtl", e);
-		}
-	}
-
-	/**
-	 * Get a document transfer request (attribute query)
-	 * 
-	 * @param docId
-	 * @return
-	 * @throws SimpleException
-	 */
-	private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
-		String spCountry = docId.substring(0, docId.indexOf("/"));
-		final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
-		STORKAttrQueryRequest req = new STORKAttrQueryRequest();
-		req.setAssertionConsumerServiceURL(dtlUrl);
-		req.setDestination(destinationUrl);
-		req.setSpCountry(spCountry);
-		req.setQaa(3);// TODO
-		PersonalAttributeList pal = new PersonalAttributeList();
-		PersonalAttribute attr = new PersonalAttribute();
-		attr.setName("docRequest");
-		attr.setIsRequired(true);
-		attr.setValue(Arrays.asList(docId));
-		pal.add(attr);
-		req.setPersonalAttributeList(pal);
-
-		STORKAttrQueryRequest req1;
-		try {
-			req1 = engine.generateSTORKAttrQueryRequest(req);
-			return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
-		} catch (STORKSAMLEngineException e) {
-			e.printStackTrace();
-			throw new Exception("Error in doc request attribute query generation", e);
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index d6c15c658..bc8a01e41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -35,13 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessInstance;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 0a7f71713..b239fbb1d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
@@ -76,7 +77,6 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.SLOInformationContainer;
 import at.gv.egovernment.moa.id.data.SLOInformationImpl;
-import at.gv.egovernment.moa.id.moduls.moduleregistration.ModuleRegistration;
 import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
 import at.gv.egovernment.moa.id.process.ProcessEngine;
 import at.gv.egovernment.moa.id.process.ProcessExecutionException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
deleted file mode 100644
index 295a51a24..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/AuthModule.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package at.gv.egovernment.moa.id.moduls.moduleregistration;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
-
-/**
- * Defines the module capabilities.
- */
-public interface AuthModule {
-
-	/**
-	 * Returns the priority of the module. The priority defines the order of the respective module within the chain of
-	 * discovered modules. Higher priorized modules are asked before lower priorized modules for a process that they can
-	 * handle.
-	 * <p/>
-	 * Internal default modules are priorized neutral ({@code 0}. Use a higher priority ({@code 1...Integer.MAX_VALUE})
-	 * in order to have your module(s) priorized or a lower priority ({@code Integer.MIN_VALUE...-1}) in order to put
-	 * your modules behind default modules.
-	 * 
-	 * @return the priority of the module.
-	 */
-	int getPriority();
-
-	/**
-	 * Checks if the module has a process, which is able to perform an authentication with the given
-	 * {@link ExecutionContext}.
-	 * 
-	 * @param context
-	 *            an ExecutionContext for a process.
-	 * @return the process-ID of a process which is able to work with the given ExecutionContext, or {@code null}.
-	 */
-	String selectProcess(ExecutionContext context);
-
-	/**
-	 * Returns the an Array of {@link ProcessDefinition}s of the processes included in this module.
-	 * 
-	 * @return an array of resource uris of the processes included in this module.
-	 */
-	String[] getProcessDefinitions();
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
deleted file mode 100644
index 9e06a9ec8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/moduleregistration/ModuleRegistration.java
+++ /dev/null
@@ -1,149 +0,0 @@
-package at.gv.egovernment.moa.id.moduls.moduleregistration;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.ServiceLoader;
-
-import javax.annotation.PostConstruct;
-
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.core.io.Resource;
-
-import at.gv.egovernment.moa.id.process.ProcessDefinitionParserException;
-import at.gv.egovernment.moa.id.process.ProcessEngine;
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-
-/**
- * This class handles registering modules. The modules are detected either with
- * the ServiceLoader mechanism or via Spring. All detected modules are ranked
- * according to their priority.
- */
-public class ModuleRegistration {
-
-	private static ModuleRegistration instance = new ModuleRegistration();
-
-	private List<AuthModule> priorizedModules = new ArrayList<>();
-
-	@Autowired
-	private ApplicationContext ctx;
-
-	@Autowired
-	private ProcessEngine processEngine;
-
-	private Logger log = LoggerFactory.getLogger(getClass());
-
-	public static ModuleRegistration getInstance() {
-		return instance;
-	}
-
-	private ModuleRegistration() {
-	}
-
-	@PostConstruct
-	private void init() {
-		// load modules via the ServiceLoader
-		initServiceLoaderModules();
-
-		// load modules via Spring
-		initSpringModules();
-
-		// order modules according to their priority
-		priorizeModules();
-	}
-
-	/**
-	 * Discovers modules which use the ServiceLoader mechanism.
-	 */
-	private void initServiceLoaderModules() {
-		log.info("Looking for auth modules.");
-		ServiceLoader<AuthModule> loader = ServiceLoader.load(AuthModule.class);
-		Iterator<AuthModule> modules = loader.iterator();
-		while (modules.hasNext()) {
-			AuthModule module = modules.next();
-			log.info("Detected module {}", module.getClass().getName());
-			registerResourceUris(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Discovers modules which use Spring.
-	 */
-	private void initSpringModules() {
-		log.debug("Discovering Spring modules.");
-		Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class);
-		for (AuthModule module : modules.values()) {
-			registerResourceUris(module);
-			priorizedModules.add(module);
-		}
-	}
-
-	/**
-	 * Registers the resource uris for the module.
-	 * 
-	 * @param module
-	 *            the module.
-	 */
-	private void registerResourceUris(AuthModule module) {
-		for (String uri : module.getProcessDefinitions()) {
-			Resource resource = ctx.getResource(uri);
-			if (resource.isReadable()) {
-				log.info("Registering process definition resource: '{}'.", uri);
-				try (InputStream processDefinitionInputStream = resource.getInputStream()) {
-					processEngine.registerProcessDefinition(processDefinitionInputStream);
-				} catch (IOException e) {
-					log.error("Resource uri: '{}' could NOT be read.", uri, e);
-				} catch (ProcessDefinitionParserException e) {
-					log.error("Error while parsing process definition in '{}'", uri, e);
-				}
-			} else {
-				log.error("Resource uri: '{}' cannot be read.", uri);
-			}
-		}
-	}
-
-	/**
-	 * Order the modules in descending order according to their priority.
-	 */
-	private void priorizeModules() {
-		Collections.sort(priorizedModules, new Comparator<AuthModule>() {
-			@Override
-			public int compare(AuthModule thisAuthModule, AuthModule otherAuthModule) {
-				int thisOrder = thisAuthModule.getPriority();
-				int otherOrder = otherAuthModule.getPriority();
-				return (thisOrder < otherOrder ? -1 : (thisOrder == otherOrder ? 0 : 1));
-			}
-		});
-		log.debug("Modules are ordered in descending order, according to their priority.");
-	}
-
-	/**
-	 * Returns the process id of the first process, in the highest ranked
-	 * module, which is able to work with the given execution context.
-	 * 
-	 * @param context
-	 *            the {@link ExecutionContext}.
-	 * @return the process id or {@code null}
-	 */
-	public String selectProcess(ExecutionContext context) {
-		for (AuthModule module : priorizedModules) {
-			String id = module.selectProcess(context);
-			if (StringUtils.isNotEmpty(id)) {
-				log.debug("Process with id '{}' selected, for context '{}'.", id, context);
-				return id;
-			}
-		}
-		log.info("No process is able to handle context '{}'.", context);
-		return null;
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index 2f1487564..ff6ec969e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -27,8 +27,9 @@ public interface ProcessEngine {
 	 *
 	 * @param processDefinitionInputStream The input stream to the definition to be registered.
 	 * @throws ProcessDefinitionParserException Thrown in case of an error parsing the process definition.
+	 * @return The process definition's identifier.
 	 */
-	void registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
+	String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException;
 
 	/**
 	 * Creates a process instance according to the referenced process definition, persists it into the database and returns it identifier.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index ea5a2684e..eb6a29ad9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -55,8 +55,10 @@ public class ProcessEngineImpl implements ProcessEngine {
 	}
 
 	@Override
-	public void registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{
-		registerProcessDefinition(pdp.parse(processDefinitionInputStream));
+	public String registerProcessDefinition(InputStream processDefinitionInputStream) throws ProcessDefinitionParserException{
+		ProcessDefinition pd = pdp.parse(processDefinitionInputStream);
+		registerProcessDefinition(pd);
+		return pd.getId();
 	}
 
 	/**
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
new file mode 100644
index 000000000..865096055
--- /dev/null
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -0,0 +1,2 @@
+# The default moaid process
+at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
deleted file mode 100644
index 865096055..000000000
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.moduls.moduleregistration.AuthModule
+++ /dev/null
@@ -1,2 +0,0 @@
-# The default moaid process
-at.gv.egovernment.moa.id.auth.modules.internal.DefaultAuthModuleImpl
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
deleted file mode 100644
index 2e924bdd0..000000000
--- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:context="http://www.springframework.org/schema/context"
-	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
-
-	<context:annotation-config />
-
-	<bean id="storkAuthModule" class="at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl">
-		<property name="priority" value="0" />
-	</bean>
-
-</beans>
diff --git a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
deleted file mode 100644
index 60989e638..000000000
--- a/id/server/idserverlib/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
-
-<!--
-	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
--->
-	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.CreateStorkAuthRequestFormTask" />
-	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask"                               async="true" />
-	<pd:Task id="pepsConnectorWithoutSignature"   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
-	<pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleLocalSignResponseTask"        async="true" />
-
-	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
-	<pd:StartEvent id="start" />
-	
-	<pd:Transition from="start" to="createStorkAuthRequestForm" />
-	
-	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
-	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
-	
-	<pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
-	<pd:Transition from="pepsConnector" to="end" />
-	
-	<pd:Transition from="pepsConnectorWithoutSignature"   to="pepsConnectorWithLocalSignature" />
-	<pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
-	<pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
-	
-	<pd:EndEvent id="end" />
-
-</pd:ProcessDefinition>
diff --git a/id/server/modules/module-stork/pom.xml b/id/server/modules/module-stork/pom.xml
new file mode 100644
index 000000000..8761e17ee
--- /dev/null
+++ b/id/server/modules/module-stork/pom.xml
@@ -0,0 +1,22 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>MOA.id.server.modules</groupId>
+		<artifactId>moa-id-modules</artifactId>
+		<version>${moa-id-version}</version>
+	</parent>
+
+	<groupId>MOA.id.server.modules</groupId>
+	<artifactId>moa-id-module-stork</artifactId>
+	<version>${moa-id-version}</version>
+	<packaging>jar</packaging>
+
+	<name>MOA ID-Module STORK</name>
+
+	<properties>
+		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+	</properties>
+	
+</project>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
new file mode 100644
index 000000000..41384690e
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthModuleImpl.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.modules.stork;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.modules.AuthModule;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * Module descriptor for an auth module providing stork authentication related processes.
+ * @author tknall
+ */
+public class STORKAuthModuleImpl implements AuthModule {
+	
+	private int priority = 0;
+
+	@Override
+	public int getPriority() {
+		return priority;
+	}
+
+	/**
+	 * Sets the priority of this module. Default value is {@code 0}.
+	 * @param priority The priority.
+	 */
+	public void setPriority(int priority) {
+		this.priority = priority;
+	}
+
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		return StringUtils.isNotBlank((String) context.get("ccc")) ? "STORKAuthentication" : null;
+	}
+
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
new file mode 100644
index 000000000..7478a57c3
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.auth.modules.stork;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRegistration;
+
+import org.springframework.web.WebApplicationInitializer;
+
+import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
+
+/**
+ * Spring automatically discovers {@link WebApplicationInitializer} implementations at startup.<br/>
+ * This STORK webapp initializer adds the required servlet mappings:
+ * <ul>
+ * <li>{@code /PEPSConnector}</li>
+ * <li>{@code /PEPSConnectorWithLocalSigning}</li>
+ * </ul>
+ * for the {@linkplain ProcessEngineSignalServlet process engine servlet} (named {@code ProcessEngineSignal}) that wakes
+ * up a process in order to execute asynchronous tasks. Therefore the servlet mappings mentioned above do not need to be
+ * declared in {@code web.xml}.
+ * 
+ * @author tknall
+ * @see ProcessEngineSignalServlet
+ */
+public class STORKWebApplicationInitializer implements WebApplicationInitializer {
+
+	@Override
+	public void onStartup(ServletContext servletContext) throws ServletException {
+		ServletRegistration servletRegistration = servletContext.getServletRegistration("ProcessEngineSignal");
+		if (servletRegistration == null) {
+			throw new IllegalStateException("Servlet 'ProcessEngineSignal' expected to be registered.");
+		}
+		servletRegistration.addMapping("/PEPSConnectorWithLocalSigning");
+		servletRegistration.addMapping("/PEPSConnector");
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
new file mode 100644
index 000000000..702e62fa0
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/AbstractPepsConnectorWithLocalSigningTask.java
@@ -0,0 +1,223 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.util.HashMap;
+
+import javax.activation.DataSource;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.commons.io.IOUtils;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+
+public abstract class AbstractPepsConnectorWithLocalSigningTask extends AbstractAuthServletTask {
+
+	String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException,
+			TransformerConfigurationException, UtilsException, TransformerException,
+			TransformerFactoryConfigurationError, IOException, ApiUtilsException {
+		// fetch signed doc
+		DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+		if (ds == null) {
+			throw new ApiUtilsException("No datasource found in response");
+		}
+
+		InputStream incoming = ds.getInputStream();
+		String citizenSignature = IOUtils.toString(incoming);
+		incoming.close();
+
+		return citizenSignature;
+	}
+
+	void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList,
+			String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException {
+		Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+		Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+		Logger.debug("fetching OAParameters from database");
+
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+				moaSession.getPublicOAURLPrefix());
+		if (oaParam == null)
+			throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+		// retrieve target
+		// TODO: check in case of SSO!!!
+		String targetType = null;
+		if (oaParam.getBusinessService()) {
+			String id = oaParam.getIdentityLinkDomainIdentifier();
+			if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+				targetType = id;
+			else
+				targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+		} else {
+			targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+		}
+
+		Logger.debug("Starting connecting SZR Gateway");
+		// contact SZR Gateway
+		IdentityLink identityLink = null;
+
+		identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList, oaParam.getFriendlyName(),
+				targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+		Logger.debug("SZR communication was successfull");
+
+		if (identityLink == null) {
+			Logger.error("SZR Gateway did not return an identity link.");
+			throw new MOAIDException("stork.10", null);
+		}
+		Logger.info("Received Identity Link from SZR Gateway");
+		moaSession.setIdentityLink(identityLink);
+
+		Logger.debug("Adding addtional STORK attributes to MOA session");
+		moaSession.setStorkAttributes(personalAttributeList);
+
+		// We don't have BKUURL, setting from null to "Not applicable"
+		moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+		// free for single use
+		moaSession.setAuthenticatedUsed(false);
+
+		// stork did the authentication step
+		moaSession.setAuthenticated(true);
+
+		// TODO: found better solution, but QAA Level in response could be not supported yet
+		try {
+			if (authnContextClassRef == null)
+				authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+			moaSession.setQAALevel(authnContextClassRef);
+
+		} catch (Throwable e) {
+			Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+			moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+		}
+
+	}
+
+	X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException,
+			UnsupportedEncodingException {
+		JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+		SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+				IOUtils.toInputStream(citizenSignature))).getValue();
+
+		// extract certificate
+		for (Object current : root.getKeyInfo().getContent())
+			if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+				for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+						.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+					JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+					if (casted.getName().getLocalPart().equals("X509Certificate")) {
+						return new X509Certificate(((String) casted.getValue()).getBytes("UTF-8"));
+					}
+				}
+			}
+		return null;
+	}
+
+	VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException,
+			BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException,
+			SAXException, IOException, ParserConfigurationException, MOAException {
+		// Based on MOA demo client
+		// Factory und Service instanzieren
+		SPSSFactory spssFac = SPSSFactory.getInstance();
+		SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+
+		Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
+
+		// Position der zu prüfenden Signatur im Dokument angeben
+		// (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
+		// der damit bezeichnete Namenraum mitgegeben werden)
+		HashMap nSMap = new HashMap();
+		nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+		VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+		// Zu prüfendes Dokument und Signaturposition zusammenfassen
+
+		VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
+
+		// Prüfrequest zusammenstellen
+		VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(null, // Wird Prüfzeit nicht
+																								// angegeben, wird
+																								// aktuelle Zeit
+																								// verwendet
+				sigInfo, null, // Keine Ergänzungsobjekte notwendig
+				null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
+				false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
+				"MOAIDBuergerkartePersonenbindungMitTestkarten");// TODO load from config
+		// "Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
+
+		VerifyXMLSignatureResponse verifyResponse = null;
+		try {
+			// Aufruf der Signaturprüfung
+			verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+		} catch (MOAException e) {
+			// Service liefert Fehler
+			System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
+			System.err.println("Fehlercode: " + e.getMessageId());
+			System.err.println("Fehlernachricht: " + e.getMessage());
+			throw e;
+		}
+
+		return verifyResponse;
+	}
+
+	at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+		at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
+		response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
+		response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
+		// response.setPublicAuthorityCode(publicAuthorityCode)
+		response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
+		response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
+		response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setSigningDateTime()
+		// response.setX509certificate(x509certificate)
+		response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+		// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
+		// response.setXmlDsigSubjectName(xmlDsigSubjectName)
+		return response;
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
new file mode 100644
index 000000000..f8cc17b93
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -0,0 +1,112 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Creates a SAML2 STORK authentication request, embeds it in a form (in order to satisfy saml post binging) and returns the form withing the HttpServletResponse.<p/>
+ * In detail:
+ * <ul>
+ * <li>Validates the stork configuration in order to make sure the selected country is supported.</li>
+ * <li>Puts a flag ({@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}) into the ExecutionContext reflecting the capability of the C-PEPS to create xml signatures.</li>
+ * <li>Invokes {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)} which</li>
+ * <ul>
+ * <li>Creates and signs a SAML2 stork authentication request.</li>
+ * <li>Creates a signature request for auth block signature (either to be performed by the C-PEPS or locally).</li>
+ * <li>Using the velocity template engine in order to create a form with the embedded stork request.</li>
+ * <li>Writes the form to the response output stream.</li>
+ * </ul>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@linkplain at.gv.egovernment.moa.id.auth.MOAIDAuthConstants#PARAM_SESSIONID PARAM_SESSIONID}</li>
+ * <li>Property {@code ccc} set within the moa session.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Form containing a SAML2 Stork authentication request and an action url pointing to the selected C-PEPS.</li>
+ * <li>Assertion consumer URL for C-PEPS set either to {@code /PEPSConnector} in case of a C-PEPS supporting xml signatures or {@code /PEPSConnectorWithLocalSigning} if the selected C-PEPS does not support xml signatures.</li>
+ * <li>In case of a C-PEPS not supporting xml signature: moasession with set signedDoc property (containing the signature request for local signing).</li>
+ * <li>ExecutionContext contains the boolean flag {@link #PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED}.
+ * </ul>
+ * Code taken from {@link StartAuthenticationBuilder#build(AuthenticationSession, HttpServletRequest, HttpServletResponse)}.<br/>
+ * Using {@link AuthenticationServer#startSTORKAuthentication(HttpServletRequest, HttpServletResponse, AuthenticationSession)}
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
+
+	/**
+	 * Boolean value reflecting the capability of the selected c-peps of creating xml signatures.
+	 */
+	public static final String PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED = "C-PEPS:XMLSignatureSupported";
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
+			throws Exception {
+
+		String pendingRequestID = null;
+		String sessionID = null;
+		try {
+			setNoCachingHeaders(resp);
+
+			sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
+			// check parameter
+			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
+				throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12");
+			}
+			AuthenticationSession moasession = AuthenticationServer.getSession(sessionID);
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+
+			if (StringUtils.isEmpty(moasession.getCcc())) {
+				// illegal state; task should not have been executed without a selected country
+				throw new AuthenticationException("stork.22", new Object[] { sessionID });
+			}
+			STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+			if (!storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+				throw new AuthenticationException("stork.23", new Object[] { moasession.getCcc(), sessionID });
+			}
+
+			// STORK authentication
+			// cpeps cannot be null
+			CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+			Logger.debug("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
+			executionContext.put(PROCESS_CTX_KEY_CPEPS_ISXMLSIGSUPPORTED, cpeps.isXMLSignatureSupported());
+
+			Logger.info("Starting STORK authentication for a citizen of country: " + moasession.getCcc());
+			AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
+
+		} catch (MOAIDException ex) {
+			handleError(null, ex, req, resp, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
+			throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
new file mode 100644
index 000000000..077bb2dee
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -0,0 +1,216 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+
+/**
+ * Processes the citizen's signature, creates identity link using szr gateway and finalizes authentication.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Changes moa session id.</li>
+ * <li>Decodes and validates the sign response, extracting the citizen's signature.</li>
+ * <li>Verifies the citizen's signature.</li>
+ * <li>Create {@code signedDoc} attribute.</li>
+ * <li>Retrieve identity link from SZR gateway using the citizen's signature.</li>
+ * <li>If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link.
+ * Therefore a form is presented asking for the subject's gender. The form finally submits the user back to the
+ * {@code /PepsConnectorWithLocalSigning} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID}</li>
+ * <li>HttpServletRequest parameter {@code signresponse}</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (signed auth block, signer certificate etc.)</li>
+ * <li>Redirect to {@code /dispatcher}.</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID != null && signResponse != null) {
+			// redirect from oasis with signresponse
+			handleSignResponse(executionContext, request, response);
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSignResponse started");
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+		String pendingRequestID = null;
+		try {
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+			Logger.info("pendingRequestID:" + pendingRequestID);
+			String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
+			Logger.info("RECEIVED signresponse:" + signResponseString);
+			// create SignResponse object
+			Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+			SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+
+			// SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new
+			// java.io.StringReader(Base64.signResponse)));
+
+			String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+			// memorize signature into authblock
+			moaSession.setAuthBlock(citizenSignature);
+
+			X509Certificate cert = getSignerCertificate(citizenSignature);
+			moaSession.setSignerCertificate(cert);
+			VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
+			at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
+
+			moaSession.setXMLVerifySignatureResponse(tmp);
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+				// Add SignResponse TODO Add signature (extracted from signResponse)?
+				List<String> values = new ArrayList<String>();
+				values.add(signResponseString);
+				// values.add(citizenSignature);
+				Logger.debug("Assembling signedDoc attribute");
+				PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values, "Available");
+				personalAttributeList.add(signedDocAttribute);
+
+				String authnContextClassRef = moaSession.getAuthnContextClassRef();
+				SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
+				executionContext.put("identityLinkAvailable", true);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+			moaSession.setForeigner(true);
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
new file mode 100644
index 000000000..3338804b4
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -0,0 +1,439 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.Source;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Validates the SAML response from C-PEPS.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates SAML response from C-PEPS.</li>
+ * <li>Retrieves the moa session using the session id provided by HttpServletRequest parameter {@code RelayState} or by {@code inResponseTo} attribute of the saml response.</li>
+ * <li>Store saml response in moa session.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code moaSessionID} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code signresponse} <strong>to be {@code null}</strong></li>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute within the saml response, both reflecting the moa session id.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa session (with saml response).</li>
+ * <li>Redirect to {@code /PEPSConnectorWithLocalSigning}, with providing the moa session id as request parameter.</li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPepsConnectorWithLocalSigningTask {
+
+	private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";
+	// load from config below
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String moaSessionID = request.getParameter("moaSessionID");
+		String signResponse = request.getParameter("signresponse");
+		Logger.info("moaSessionID:" + moaSessionID);
+		Logger.info("signResponse:" + signResponse);
+
+		if (moaSessionID == null && signResponse == null) {
+			// normal saml response
+			handleSAMLResponse(executionContext, request, response);
+
+		} else {
+			// should not occur
+			throw new IOException("should not occur");
+		}
+		return;
+	}
+
+	private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) {
+		Logger.info("handleSAMLResponse started");
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+		try {
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			Logger.trace("No Caching headers set for HTTP response");
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender");
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			
+			
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+				String signatureInfo = null;
+				// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
+				if (signedDoc != null) {
+					signatureInfo = signedDoc.getValue().get(0);
+					// should not occur
+				} else {
+
+					// store SAMLResponse
+					moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+					// store authnResponse
+
+					// moaSession.setAuthnResponse(authnResponse);//not serializable
+					moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+
+					String authnContextClassRef = null;
+					try {
+						authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+								.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
+					} catch (Throwable e) {
+						Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+					}
+
+					moaSession.setAuthnContextClassRef(authnContextClassRef);
+					moaSession.setReturnURL(request.getRequestURL());
+
+					// load signedDoc
+					String signRequest = moaSession.getSignedDoc();
+
+					// session is implicit stored in changeSessionID!!!!
+					String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+					// set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
+					// signRequest
+
+					String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+					String acsURL = issuerValue
+							+ PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+					String url = acsURL + "?moaSessionID=" + newMOASessionID;
+					// redirect to OASIS module and sign there
+
+					boolean found = false;
+					try {
+						List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance()
+								.getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
+						Logger.info("Found AttributeProviderPlugins:" + aps.size());
+						for (AttributeProviderPlugin ap : aps) {
+							Logger.info("Found AttributeProviderPlugin attribute:" + ap.getAttributes());
+							if (ap.getAttributes().equalsIgnoreCase("signedDoc")) {
+								// FIXME: A servlet's class field is not thread safe!!!
+								oasisDssWebFormURL = ap.getUrl();
+								found = true;
+								Logger.info("Loaded signedDoc attribute provider url from config:" + oasisDssWebFormURL);
+								break;
+							}
+						}
+					} catch (Exception e) {
+						e.printStackTrace();
+						Logger.error("Loading the signedDoc attribute provider url from config failed");
+					}
+					if (!found) {
+						Logger.error("Failed to load the signedDoc attribute provider url from config");
+					}
+					performRedirect(url, request, response, signRequest);
+
+					return;
+				}
+				
+				// FIXME: This servlet/task is intended to handle peps responses without signature, so why do we try to process that signature here?
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				X509Certificate cert = getSignerCertificate(citizenSignature);
+				moaSession.setSignerCertificate(cert);
+				moaSession.setForeigner(true);
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+
+			// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
+			try {
+				SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+						.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
+						.getAuthnContextClassRef(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));// TODO ask Florian/Thomas
+																					// authnResponse?
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			response.setContentType("text/html");
+			response.setStatus(302);
+			response.addHeader("Location", redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
+			throws MOAIDException {
+
+		try {
+			Logger.trace("Initialize VelocityEngine...");
+
+			VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+			Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+			VelocityContext context = new VelocityContext();
+
+			Logger.debug("performRedirect, signrequest:" + signRequestString);
+			Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
+			SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
+			signRequest.setReturnURL("TODO");
+			signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
+			context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
+			context.put("clienturl", url);
+			context.put("action", oasisDssWebFormURL);
+
+			StringWriter writer = new StringWriter();
+			template.merge(context, writer);
+
+			resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+		} catch (Exception e) {
+			Logger.error("Error sending DSS signrequest.", e);
+			throw new MOAIDException("stork.11", null);
+		}
+	}
+}
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
new file mode 100644
index 000000000..94017e9f6
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -0,0 +1,566 @@
+package at.gv.egovernment.moa.id.auth.modules.stork.tasks;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Properties;
+
+import javax.activation.DataSource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Service;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+import eu.stork.documentservice.DocumentService;
+import eu.stork.documentservice.data.DatabaseConnectorMySQLImpl;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.profile.DocumentType;
+import eu.stork.oasisdss.profile.DocumentWithSignature;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+import eu.stork.peps.auth.commons.STORKAttrQueryRequest;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
+/**
+ * Evaluates the SAML response from the C-PEPS and authenticates the user.
+ * <p/>
+ * In detail:
+ * <ul>
+ * <li>Decodes and validates the SAML response from the C-PEPS.</li>
+ * <li>Change moa session id.</li>
+ * <li>Extracts the subject's gender from request parameter {@code gender} if not available from the saml response.</li>
+ * <li>Extracts the {@code signedDoc} attribute from the response, get signed doc payload using stork attribute query request.</li>
+ * <li>Request SZR gateway for verification of the citizen's signature and for creating of an identity link.</li>
+ * <li>In case of mandate mode: If the S-PEPS did not provide any gender information, the szr gateway will not be able to issue an identity link. Therefore a form is presented asking for the subject's gender. The form submits the user back to the {@code /PepsConnector} servlet (this task).</li>
+ * <li>The moa session is updated with authentication information.</li>
+ * <li>Change moa session id.</li>
+ * <li>Redirects back to {@code /dispatcher} in order to finalize the authentication.</li>
+ * </ul>
+ * Expects:
+ * <ul>
+ * <li>HttpServletRequest parameter {@code SAMLResponse}</li>
+ * <li>Either HttpServletRequest parameter {@code RelayState} or {@code inResponseTo} attribute from the SAML response (both depicting the moa session id)</li>
+ * <li>HttpServletRequest parameter {@code gender} in case the request comes from the gender selection form</li>
+ * <li>{@code signedDoc} attribute within the SAML response.</li>
+ * </ul>
+ * Result:
+ * <ul>
+ * <li>Updated moa id session (identity link, stork attributes...)</li>
+ * <li>{@link ExecutionContext} contains boolean flag {@code identityLinkAvailable} indicating if an identitylink has been successfully creates or not.</li>
+ * <li>Redirect to {@code /dispatcher}.</li> 
+ * </ul>
+ * Possible branches:
+ * <ul>
+ * <li>In case the szr gateway throws exception due to missing gender information:
+ * <ul>
+ * <li>Returns a form for gender selection with action url back to this servlet/task.</li>
+ * </ul>
+ * </li>
+ * </ul>
+ * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet}.<br/>
+ *
+ * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse)
+ */
+public class PepsConnectorTask extends AbstractAuthServletTask {
+
+	private String dtlUrl = null;
+
+	public PepsConnectorTask() {
+		super();
+		Properties props = new Properties();
+		try {
+			props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
+			dtlUrl = props.getProperty("docservice.url");
+		} catch (IOException e) {
+			dtlUrl = "http://testvidp.buergerkarte.at/DocumentService/DocumentService";
+			Logger.error("Loading DTL config failed, using default value:" + dtlUrl);
+			e.printStackTrace();
+		}
+	}
+
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws Exception {
+		String pendingRequestID = null;
+
+		setNoCachingHeaders(response);
+
+		try {
+
+			Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+			Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+			// check if https or only http
+			super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+			Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+			// extract STORK Response from HTTP Request
+			// Decodes SAML Response
+			byte[] decSamlToken;
+			try {
+				decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+				Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+			} catch (NullPointerException e) {
+				Logger.error("Unable to retrieve STORK Response", e);
+				throw new MOAIDException("stork.04", null);
+			}
+
+			// Get SAMLEngine instance
+			STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+			STORKAuthnResponse authnResponse = null;
+			try {
+				// validate SAML Token
+				Logger.debug("Starting validation of SAML response");
+				authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+				Logger.info("SAML response succesfully verified!");
+			} catch (STORKSAMLEngineException e) {
+				Logger.error("Failed to verify STORK SAML Response", e);
+				throw new MOAIDException("stork.05", null);
+			}
+
+			Logger.info("STORK SAML Response message succesfully extracted");
+			Logger.debug("STORK response: ");
+			Logger.debug(authnResponse.toString());
+
+			Logger.debug("Trying to find MOA Session-ID ...");
+			// String moaSessionID = request.getParameter(PARAM_SESSIONID);
+			// first use SAML2 relayState
+			String moaSessionID = request.getParameter("RelayState");
+
+			// escape parameter strings
+			moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+			// check if SAML2 relaystate includes a MOA sessionID
+			if (StringUtils.isEmpty(moaSessionID)) {
+				// if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+				moaSessionID = authnResponse.getInResponseTo();
+				moaSessionID = StringEscapeUtils.escapeHtml(moaSessionID);
+
+				if (StringUtils.isEmpty(moaSessionID)) {
+					// No authentication session has been started before
+					Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+					Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+					throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+				} else
+					Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+			} else
+				// Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+				Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+			/*
+			 * INFO!!!! SAML message IDs has an different format then MOASessionIDs This is only a workaround because
+			 * many PEPS does not support SAML2 relayState or MOASessionID as AttributConsumerServiceURL GET parameter
+			 */
+			// if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+			// throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+			pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+			// load MOASession from database
+			AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+			// change MOASessionID
+			moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Found MOA sessionID: " + moaSessionID);
+
+			String statusCodeValue = authnResponse.getStatusCode();
+
+			if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+				Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+				throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+			}
+
+			Logger.info("Got SAML response with authentication success message.");
+
+			Logger.debug("MOA session is still valid");
+
+			STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+			if (storkAuthnRequest == null) {
+				Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+				throw new MOAIDException("stork.07", null);
+			}
+
+			Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+			// //////////// incorporate gender from parameters if not in stork response
+
+			IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+			// but first, check if we have a representation case
+			if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
+					|| STORKResponseProcessor.hasAttribute("representative", attributeList)
+					|| STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+				// in a representation case...
+				moaSession.setUseMandate("true");
+
+				// and check if we have the gender value
+				PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if
+																		// there is no representation case?
+				if (null == gender) {
+					String gendervalue = (String) request.getParameter("gender");
+					if (null != gendervalue) {
+						gender = new PersonalAttribute();
+						gender.setName("gender");
+						ArrayList<String> tmp = new ArrayList<String>();
+						tmp.add(gendervalue);
+						gender.setValue(tmp);
+
+						authnResponse.getPersonalAttributeList().add(gender);
+					}
+				}
+			}
+
+			// ////////////////////////////////////////////////////////////////////////
+
+			Logger.debug("Starting extraction of signedDoc attribute");
+			// extract signed doc element and citizen signature
+			String citizenSignature = null;
+			try {
+				String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
+
+				Logger.debug("signatureInfo:" + signatureInfo);
+
+				SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(
+						new java.io.StringReader(signatureInfo)));
+
+				// fetch signed doc
+				DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+				if (ds == null) {
+					throw new ApiUtilsException("No datasource found in response");
+				}
+
+				InputStream incoming = ds.getInputStream();
+				citizenSignature = IOUtils.toString(incoming);
+				incoming.close();
+
+				Logger.debug("citizenSignature:" + citizenSignature);
+				if (isDocumentServiceUsed(citizenSignature) == true) {
+					Logger.debug("Loading document from DocumentService.");
+					String url = getDtlUrlFromResponse(dssSignResponse);
+					// get Transferrequest
+					String transferRequest = getDocTransferRequest(dssSignResponse.getDocUI(), url);
+					// Load document from DocujmentService
+					byte[] data = getDocumentFromDtl(transferRequest, url);
+					citizenSignature = new String(data, "UTF-8");
+					Logger.debug("Overridung citizenSignature with:" + citizenSignature);
+				}
+
+				JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+				SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(
+						IOUtils.toInputStream(citizenSignature))).getValue();
+
+				// memorize signature into authblock
+				moaSession.setAuthBlock(citizenSignature);
+
+				// extract certificate
+				for (Object current : root.getKeyInfo().getContent())
+					if (((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+						for (Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue()
+								.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+							JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+							if (casted.getName().getLocalPart().equals("X509Certificate")) {
+								moaSession.setSignerCertificate(new X509Certificate(((String) casted.getValue())
+										.getBytes("UTF-8")));
+								break;
+							}
+						}
+					}
+
+			} catch (Throwable e) {
+				Logger.error("Could not extract citizen signature from C-PEPS", e);
+				throw new MOAIDException("stork.09", null);
+			}
+			Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+			Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+			Logger.debug("fetching OAParameters from database");
+
+			// //read configuration paramters of OA
+			// AuthenticationSession moasession;
+			// try {
+			// moasession = AuthenticationSessionStoreage.getSession(moaSessionID);
+			// } catch (MOADatabaseException e2) {
+			// Logger.error("could not retrieve moa session");
+			// throw new AuthenticationException("auth.01", null);
+			// }
+			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+					moaSession.getPublicOAURLPrefix());
+			if (oaParam == null)
+				throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+			// retrieve target
+			// TODO: check in case of SSO!!!
+			String targetType = null;
+			if (oaParam.getBusinessService()) {
+				String id = oaParam.getIdentityLinkDomainIdentifier();
+				if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+					targetType = id;
+				else
+					targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+			} else {
+				targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+			}
+
+			Logger.debug("Starting connecting SZR Gateway");
+			// contact SZR Gateway
+			IdentityLink identityLink = null;
+			executionContext.put("identityLinkAvailable", false);
+			try {
+				identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
+						oaParam.getFriendlyName(), targetType, null, oaParam.getMandateProfiles(), citizenSignature);
+			} catch (STORKException e) {
+				// this is really nasty but we work against the system here. We are supposed to get the gender attribute
+				// from
+				// stork. If we do not, we cannot register the person in the ERnP - we have to have the
+				// gender for the represented person. So here comes the dirty hack.
+				if (e.getCause() instanceof STORKException
+						&& e.getCause().getMessage().equals("gender not found in response")) {
+					try {
+						Logger.trace("Initialize VelocityEngine...");
+
+						VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+						Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+						VelocityContext context = new VelocityContext();
+						context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+						context.put("action", request.getRequestURL());
+
+						StringWriter writer = new StringWriter();
+						template.merge(context, writer);
+
+						response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+					} catch (Exception e1) {
+						Logger.error("Error sending gender retrival form.", e1);
+						// httpSession.invalidate();
+						throw new MOAIDException("stork.10", null);
+					}
+
+					return;
+				}
+
+				Logger.error("Error connecting SZR Gateway", e);
+				throw new MOAIDException("stork.10", null);
+			}
+			Logger.debug("SZR communication was successfull");
+
+			if (identityLink == null) {
+				Logger.error("SZR Gateway did not return an identity link.");
+				throw new MOAIDException("stork.10", null);
+			}
+			moaSession.setForeigner(true);
+
+			Logger.info("Received Identity Link from SZR Gateway");
+			executionContext.put("identityLinkAvailable", true);
+			moaSession.setIdentityLink(identityLink);
+
+			Logger.debug("Adding addtional STORK attributes to MOA session");
+			moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+
+			Logger.debug("Add full STORK AuthnResponse to MOA session");
+			moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
+
+			// We don't have BKUURL, setting from null to "Not applicable"
+			moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+			// free for single use
+			moaSession.setAuthenticatedUsed(false);
+
+			// stork did the authentication step
+			moaSession.setAuthenticated(true);
+
+			// TODO: found better solution, but QAA Level in response could be not supported yet
+			try {
+
+				moaSession.setQAALevel(authnResponse.getAssertions().get(0).getAuthnStatements().get(0)
+						.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
+
+			} catch (Throwable e) {
+				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+				moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+			}
+
+			// session is implicit stored in changeSessionID!!!!
+			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+			Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+			// redirect
+			String redirectURL = null;
+			redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+					ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID),
+					newMOASessionID);
+			redirectURL = response.encodeRedirectURL(redirectURL);
+
+			// response.setContentType("text/html");
+			// response.setStatus(302);
+			// response.addHeader("Location", redirectURL);
+			response.sendRedirect(redirectURL);
+			Logger.info("REDIRECT TO: " + redirectURL);
+
+		} catch (AuthenticationException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (MOAIDException e) {
+			handleError(null, e, request, response, pendingRequestID);
+
+		} catch (Exception e) {
+			Logger.error("PEPSConnector has an interal Error.", e);
+		}
+
+		finally {
+			ConfigurationDBUtils.closeSession();
+		}
+
+	}
+
+	private boolean isDocumentServiceUsed(String citizenSignature) // TODo add better check
+	{
+		if (citizenSignature
+				.contains("<table border=\"0\"><tr><td>Service Name:</td><td>{http://stork.eu}DocumentService</td></tr><tr><td>Port Name:</td><td>{http://stork.eu}DocumentServicePort</td></tr></table>"))
+			return true;
+		return false;
+	}
+
+	/**
+	 * Get DTL uril from the oasis sign response
+	 * 
+	 * @param signRequest
+	 *            The signature response
+	 * @return The URL of DTL service
+	 * @throws SimpleException
+	 */
+	private String getDtlUrlFromResponse(SignResponse dssSignResponse) {
+		List<DocumentWithSignature> documents = ApiUtils.findNamedElement(dssSignResponse.getOptionalOutputs(),
+				ApiUtils.OPTIONAL_OUTPUT_DOCUMENTWITHSIGNATURE, DocumentWithSignature.class);
+		DocumentType sourceDocument = documents.get(0).getDocument();
+
+		if (sourceDocument.getDocumentURL() != null)
+			return sourceDocument.getDocumentURL();
+		else
+			return null;// throw new Exception("No document url found");
+	}
+
+	// From DTLPEPSUTIL
+
+	/**
+	 * Get document from DTL
+	 * 
+	 * @param transferRequest
+	 *            The transfer request (attribute query)
+	 * @param eDtlUrl
+	 *            The DTL url of external DTL
+	 * @return the document data
+	 * @throws SimpleException
+	 */
+	private byte[] getDocumentFromDtl(String transferRequest, String eDtlUrl) throws Exception {
+		URL url = null;
+		try {
+			url = new URL(dtlUrl);
+			QName qname = new QName("http://stork.eu", "DocumentService");
+
+			Service service = Service.create(url, qname);
+			DocumentService docservice = service.getPort(DocumentService.class);
+
+			BindingProvider bp = (BindingProvider) docservice;
+			SOAPBinding binding = (SOAPBinding) bp.getBinding();
+			binding.setMTOMEnabled(true);
+
+			if (eDtlUrl.equalsIgnoreCase(dtlUrl))
+				return docservice.getDocument(transferRequest, "");
+			else
+				return docservice.getDocument(transferRequest, eDtlUrl);
+		} catch (Exception e) {
+			e.printStackTrace();
+			throw new Exception("Error in getDocumentFromDtl", e);
+		}
+	}
+
+	/**
+	 * Get a document transfer request (attribute query)
+	 * 
+	 * @param docId
+	 * @return
+	 * @throws SimpleException
+	 */
+	private String getDocTransferRequest(String docId, String destinationUrl) throws Exception {
+		String spCountry = docId.substring(0, docId.indexOf("/"));
+		final STORKSAMLEngine engine = STORKSAMLEngine.getInstance("VIDP");
+		STORKAttrQueryRequest req = new STORKAttrQueryRequest();
+		req.setAssertionConsumerServiceURL(dtlUrl);
+		req.setDestination(destinationUrl);
+		req.setSpCountry(spCountry);
+		req.setQaa(3);// TODO
+		PersonalAttributeList pal = new PersonalAttributeList();
+		PersonalAttribute attr = new PersonalAttribute();
+		attr.setName("docRequest");
+		attr.setIsRequired(true);
+		attr.setValue(Arrays.asList(docId));
+		pal.add(attr);
+		req.setPersonalAttributeList(pal);
+
+		STORKAttrQueryRequest req1;
+		try {
+			req1 = engine.generateSTORKAttrQueryRequest(req);
+			return PEPSUtil.encodeSAMLTokenUrlSafe(req1.getTokenSaml());
+		} catch (STORKSAMLEngineException e) {
+			e.printStackTrace();
+			throw new Exception("Error in doc request attribute query generation", e);
+		}
+	}
+
+}
diff --git a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
new file mode 100644
index 000000000..2e924bdd0
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORK.authmodule.beans.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
+
+	<context:annotation-config />
+
+	<bean id="storkAuthModule" class="at.gv.egovernment.moa.id.auth.modules.stork.STORKAuthModuleImpl">
+		<property name="priority" value="0" />
+	</bean>
+
+</beans>
diff --git a/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
new file mode 100644
index 000000000..60989e638
--- /dev/null
+++ b/id/server/modules/module-stork/src/main/resources/at/gv/egovernment/moa/id/auth/modules/stork/STORKAuthentication.process.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="STORKAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+	STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
+-->
+	<pd:Task id="createStorkAuthRequestForm"      class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.CreateStorkAuthRequestFormTask" />
+	<pd:Task id="pepsConnector"                   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorTask"                               async="true" />
+	<pd:Task id="pepsConnectorWithoutSignature"   class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleResponseWithoutSignatureTask" async="true" />
+	<pd:Task id="pepsConnectorWithLocalSignature" class="at.gv.egovernment.moa.id.auth.modules.stork.tasks.PepsConnectorHandleLocalSignResponseTask"        async="true" />
+
+	<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+	<pd:StartEvent id="start" />
+	
+	<pd:Transition from="start" to="createStorkAuthRequestForm" />
+	
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnector" conditionExpression="ctx['C-PEPS:XMLSignatureSupported']" />
+	<pd:Transition from="createStorkAuthRequestForm" to="pepsConnectorWithoutSignature" />
+	
+	<pd:Transition from="pepsConnector" to="pepsConnector" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnector" to="end" />
+	
+	<pd:Transition from="pepsConnectorWithoutSignature"   to="pepsConnectorWithLocalSignature" />
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="pepsConnectorWithoutSignature" conditionExpression="!ctx['identityLinkAvailable']" /> <!-- honor strange intermediate step of asking for the subject's gender -->
+	<pd:Transition from="pepsConnectorWithLocalSignature" to="end" />
+	
+	<pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
new file mode 100644
index 000000000..64b1b57b4
--- /dev/null
+++ b/id/server/modules/pom.xml
@@ -0,0 +1,48 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>MOA.id</groupId>
+		<artifactId>moa-id</artifactId>
+		<version>2.x</version>
+	</parent>
+
+	<groupId>MOA.id.server.modules</groupId>
+	<artifactId>moa-id-modules</artifactId>
+	<version>${moa-id-version}</version>
+	<packaging>pom</packaging>
+
+	<name>MOA ID-Modules</name>
+
+	<properties>
+		<repositoryPath>${basedir}/../../../repository</repositoryPath>
+	</properties>
+	
+	<modules>
+		<module>module-stork</module>
+	</modules>
+	
+	<dependencies>
+		<dependency>
+			<groupId>MOA.id.server</groupId>
+			<artifactId>moa-id-lib</artifactId>
+			<exclusions>
+				<exclusion>
+					<groupId>commons-logging</groupId>
+					<artifactId>commons-logging</artifactId>
+				</exclusion>
+				<exclusion>
+					<groupId>ch.qos.logback</groupId>
+					<artifactId>logback-classic</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+			<scope>provided</scope>
+		</dependency>
+	</dependencies>
+	
+</project>
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 14cb227e7..9d34cce78 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -28,6 +28,7 @@
         <module>moa-id-commons</module>
         <module>stork2-saml-engine</module>
         <module>stork2-commons</module>
+        <module>modules</module>
     </modules>
 
 	<dependencyManagement>
diff --git a/pom.xml b/pom.xml
index 9a77ada22..95a3f1155 100644
--- a/pom.xml
+++ b/pom.xml
@@ -323,7 +323,12 @@
             	<artifactId>moa-id-commons</artifactId>
             	<version>${moa-id-version}</version>
               <scope>compile</scope>
-        		</dependency>            
+        		</dependency>
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-stork</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency>            
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-- 
cgit v1.2.3


From a9dc7e094a8732f9826ab77648758dd39adc7324 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Wed, 4 Feb 2015 13:54:32 +0100
Subject: Add logging for automatic servlet registration.

---
 id/server/auth/src/main/webapp/WEB-INF/web.xml        |  9 ++++++++-
 .../modules/stork/STORKWebApplicationInitializer.java | 19 +++++++++++++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 41c46bd22..930b10f43 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -137,16 +137,23 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet</servlet-class>
 	</servlet>
 	<servlet-mapping>
+		<!-- do not change this servlet-name -->
 		<servlet-name>ProcessEngineSignal</servlet-name>
+		
 		<!-- Use this url-pattern in order to signal the next (asynchronous) task. -->
 		<url-pattern>/signalProcess</url-pattern>
+		
 		<!-- legacy url patterns for asynchronous tasks (internal default module/processes) -->
 		<url-pattern>/GetMISSessionID</url-pattern>
 		<url-pattern>/GetForeignID</url-pattern>
 		<url-pattern>/VerifyAuthBlock</url-pattern>
 		<url-pattern>/VerifyCertificate</url-pattern>
 		<url-pattern>/VerifyIdentityLink</url-pattern>
-		<!-- STORK servlet mappings; automatically registered by the stork module -->
+		
+		<!--
+			STORK servlet mappings; automatically registered by the stork module;
+			refer to at.gv.egovernment.moa.id.auth.modules.stork.STORKWebApplicationInitializer
+		-->
 		<!--
 		<url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
 		<url-pattern>/PEPSConnector</url-pattern>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
index 7478a57c3..c54c9a26d 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/STORKWebApplicationInitializer.java
@@ -4,6 +4,8 @@ import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRegistration;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.web.WebApplicationInitializer;
 
 import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
@@ -23,15 +25,24 @@ import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet;
  * @see ProcessEngineSignalServlet
  */
 public class STORKWebApplicationInitializer implements WebApplicationInitializer {
+	
+	private Logger log = LoggerFactory.getLogger(getClass());
+	
+	private static final String SIGNAL_SERVLET_NAME = "ProcessEngineSignal";
+	
+	private void addMapping(ServletRegistration servletRegistration, String mapping) {
+		log.debug("Adding mapping '{}' to servlet '{}' ({}).", mapping, SIGNAL_SERVLET_NAME, servletRegistration.getClassName());
+		servletRegistration.addMapping(mapping);
+	}
 
 	@Override
 	public void onStartup(ServletContext servletContext) throws ServletException {
-		ServletRegistration servletRegistration = servletContext.getServletRegistration("ProcessEngineSignal");
+		ServletRegistration servletRegistration = servletContext.getServletRegistration(SIGNAL_SERVLET_NAME);
 		if (servletRegistration == null) {
-			throw new IllegalStateException("Servlet 'ProcessEngineSignal' expected to be registered.");
+			throw new IllegalStateException("Servlet '" + SIGNAL_SERVLET_NAME + "' expected to be registered (e.g. by web.xml).");
 		}
-		servletRegistration.addMapping("/PEPSConnectorWithLocalSigning");
-		servletRegistration.addMapping("/PEPSConnector");
+		addMapping(servletRegistration, "/PEPSConnectorWithLocalSigning");
+		addMapping(servletRegistration, "/PEPSConnector");
 	}
 
 }
-- 
cgit v1.2.3


From 74a42b6128f6f8d21a65dddb9405cd52ebbc0520 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Wed, 4 Feb 2015 15:37:10 +0100
Subject: Create exemplary AuthServlet module (MOAID-68)

- Create new module moa-id-module-monitoring.
- Move MonitoringServlet, DatabaseTestModule, IdentityLinkTestModule, TestManager and TestModuleInterface to new module.
- Update pom.xml, adding new module dependency.
- Update web.xml, disabling static servlet registration.
- Add @WebServlet servlet registration for MonitoringServlet.
---
 id/server/auth/pom.xml                             |   8 ++
 id/server/auth/src/main/webapp/WEB-INF/web.xml     |   3 +
 .../moa/id/auth/servlet/MonitoringServlet.java     | 126 ------------------
 .../moa/id/monitoring/DatabaseTestModule.java      | 142 ---------------------
 .../moa/id/monitoring/IdentityLinkTestModule.java  | 109 ----------------
 .../egovernment/moa/id/monitoring/TestManager.java | 111 ----------------
 .../moa/id/monitoring/TestModuleInterface.java     |  34 -----
 id/server/modules/module-monitoring/pom.xml        |  22 ++++
 .../moa/id/auth/servlet/MonitoringServlet.java     | 132 +++++++++++++++++++
 .../moa/id/monitoring/DatabaseTestModule.java      | 142 +++++++++++++++++++++
 .../moa/id/monitoring/IdentityLinkTestModule.java  | 109 ++++++++++++++++
 .../egovernment/moa/id/monitoring/TestManager.java | 111 ++++++++++++++++
 .../moa/id/monitoring/TestModuleInterface.java     |  34 +++++
 id/server/modules/pom.xml                          |   1 +
 pom.xml                                            |   5 +
 15 files changed, 567 insertions(+), 522 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
 create mode 100644 id/server/modules/module-monitoring/pom.xml
 create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
 create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
 create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
 create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
 create mode 100644 id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index df45568dc..cf394b7ad 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -137,10 +137,18 @@
             <artifactId>oasis-dss-api</artifactId>
             <version>1.0.0-RELEASE</version>
         </dependency>
+        
+        <!-- Adding stork module dependency automatically adds stork capabilities. -->
 		<dependency>
 			<groupId>MOA.id.server.modules</groupId>
 			<artifactId>moa-id-module-stork</artifactId>
 		</dependency>
+		
+		<!-- Adding monitoring module dependency automatically adds monitoring capabilities. -->
+		<dependency>
+			<groupId>MOA.id.server.modules</groupId>
+			<artifactId>moa-id-module-monitoring</artifactId>
+		</dependency>
 
         <!-- transitive dependencies we don't want to include into the war -->
 		<dependency>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 930b10f43..5afc0dee7 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -67,6 +67,8 @@
 		<url-pattern>/RedirectServlet</url-pattern>
 	</servlet-mapping>
 	
+	<!-- automatically registered by module 'moa-id-module-monitoring' using @WebServlet annotation -->
+	<!--
 	<servlet>
 		<display-name>MonitoringServlet</display-name>
 		<servlet-name>MonitoringServlet</servlet-name>
@@ -76,6 +78,7 @@
 		<servlet-name>MonitoringServlet</servlet-name>
 		<url-pattern>/MonitoringServlet</url-pattern>
 	</servlet-mapping>
+	-->
 	
 	<servlet>
 		<display-name>SSOSendAssertionServlet</display-name>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
deleted file mode 100644
index e04f97e6e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- * 
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- * 
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-package at.gv.egovernment.moa.id.auth.servlet;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.Arrays;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.monitoring.TestManager;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class MonitoringServlet extends AuthServlet {
-
-	private static final long serialVersionUID = 1L;
-	private static final String REQUEST_ATTR_MODULE = "module";
-	
-	
-	  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-			    throws ServletException, IOException {
-		  
-		  try {
-			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
-			
-			if (config.isMonitoringActive()) {
-				Logger.debug("Monitoring Servlet received request");
-
-				TestManager tests = TestManager.getInstance();
-				
-				String modulename = req.getParameter(REQUEST_ATTR_MODULE);
-				if (MiscUtil.isEmpty(modulename)) {
-				
-					List<String> error = tests.executeTests();
-					if (error != null && error.size() > 0) {
-						createErrorMessage(req, resp, error);
-						
-					} else {
-						resp.setStatus(HttpServletResponse.SC_OK);
-						resp.setContentType("text/html;charset=UTF-8");
-						resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
-						Logger.info("Monitoring Servlet finished without errors");
-					}
-					
-				} else {
-					if (tests.existsModule(modulename)) {
-						List<String> errors = tests.executeTest(modulename);
-						if (errors != null && errors.size() > 0) {
-							createErrorMessage(req, resp, errors);
-							
-						} else {
-							resp.setStatus(HttpServletResponse.SC_OK);
-							resp.setContentType("text/html;charset=UTF-8");
-							resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
-							Logger.info("Monitoring Servlet finished without errors");
-						}
-						
-					} else {
-						Logger.warn("NO Testmodule exists with modulename " + modulename);
-						resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
-						resp.setContentType("text/html;charset=UTF-8");
-						PrintWriter out;
-						try {
-							out = new PrintWriter(resp.getOutputStream());
-							out.write("NO Testmodule exists with modulename " + modulename);
-							out.flush();
-							    
-						} catch (IOException e) {
-							Logger.warn("Internal Monitoring Servlet Error. ", e);
-						} 
-					}
-					
-				}	
-			}
-			  
-		} catch (ConfigurationException e) {
-			createErrorMessage(req, resp, Arrays.asList(e.getMessage()));
-		}
-	  }
-	  
-	  private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List<String> errorMessage) {
-		  Logger.warn("Monitoring Servlet found some Error: " + errorMessage);
-		  resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-		  resp.setContentType("text/html;charset=UTF-8");
-		  PrintWriter out;
-		  try {
-			  out = new PrintWriter(resp.getOutputStream());
-			  for (String error : errorMessage)
-				  out.write(error + "<br>");
-			  out.flush();
-			  
-		  } catch (IOException e) {
-			  Logger.warn("Internal Monitoring Servlet Error. ", e);
-		  } 
-	  }
-	  
-	private String getHtml(String text) {
-		return "<html><head><title>Reponse</title></head><body>" + text +"</body></html>";
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
deleted file mode 100644
index a08ef5f0c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
+++ /dev/null
@@ -1,142 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.monitoring;
-
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-import org.hibernate.Query;
-import org.hibernate.Session;
-
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
-import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class DatabaseTestModule implements TestModuleInterface{
-
-	public List<String> performTests() throws Exception {
-		Logger.trace("Start MOA-ID Database Test.");
-		
-		List<String> errors = new ArrayList<String>();
-		
-		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
-		
-		String error = testMOAConfigurationDatabase();
-		if (MiscUtil.isNotEmpty(error))
-			errors.add(error);
-		
-		error = testMOASessionDatabase();
-		if (MiscUtil.isNotEmpty(error))
-			errors.add(error);
-		
-		if (config.isAdvancedLoggingActive()) {
-			error = testMOAAdvancedLoggingDatabase();
-			if (MiscUtil.isNotEmpty(error))
-				errors.add(error);
-		}
-		
-		return errors;
-	}
-
-	
-	private String testMOASessionDatabase() throws Exception{
-		Logger.trace("Start Test: MOASessionDatabase");
-		
-		Date expioredate = new Date(new Date().getTime() - 120);
- 
-		try {
-			List<AssertionStore> results;
-			Session session = MOASessionDBUtils.getCurrentSession();
-			
-			synchronized (session) {			
-				session.beginTransaction();
-				Query query = session.getNamedQuery("getAssertionWithTimeOut");
-				query.setTimestamp("timeout", expioredate);		
-				results = query.list();
-				session.getTransaction().commit();
-			}
-			
-			Logger.trace("Finish Test: MOASessionDatabase");
-			return null;
-			
-		} catch (Throwable e) {
-			Logger.warn("Failed Test: MOASessionDatabase", e);
-			return "MOASessionDatabase: " + e.getMessage();
-		}
-	}
-	
-	private String testMOAConfigurationDatabase() throws Exception{
-		
-		MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();	
-		ConfigurationDBUtils.closeSession();
-		
-		if (moaidconfig == null)
-			return ("MOA-ID 2.x configuration can not be loaded from Database.");
-		
-		return null;
-	}
-	
-	private String testMOAAdvancedLoggingDatabase() {
-		
-		Date expioredate = new Date(new Date().getTime() - 120);
-		try {
-			Session session = StatisticLogDBUtils.getCurrentSession();
-		
-			List<StatisticLog> results;
-		
-			synchronized (session) {			
-				session.beginTransaction();
-				Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp");
-				query.setTimestamp("timeout", expioredate);		
-				results = query.list();
-				session.getTransaction().commit();
-			}
-		
-			Logger.trace("Finish Test: AdvancedLoggingDataBase");
-			return null;
-			
-		} catch (Throwable e) {
-			Logger.warn("Failed Test: AdvancedLoggingDataBase", e);
-			return "AdvancedLoggingDataBase: " + e.getMessage();
-		}
-	}
-
-
-	public String getName() {
-		return "DatabaseTest";
-	}
-
-
-	public void initializeTest(long delayParam, String url) throws Exception {
-		// TODO Auto-generated method stub
-		
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
deleted file mode 100644
index b5220914c..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.monitoring;
-
-import java.io.InputStream;
-import java.net.URL;
-import java.util.List;
-
-import org.w3c.dom.Element;
-
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
-import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-
-public class IdentityLinkTestModule implements TestModuleInterface {
-
-	private static IdentityLink identityLink = null;
-	
-	public void initializeTest(long delayParam, String url) throws Exception{
-		
-		if (MiscUtil.isNotEmpty(url)) {
-			
-		  	URL keystoreURL = new URL(url);					
-			InputStream idlstream = keystoreURL.openStream();
-			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
-		}
-		
-	}
-	
-	public List<String> performTests()  throws Exception{
-		Logger.trace("Start MOA-ID IdentityLink Test");
-		
-		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
-		
-		IdentityLinkValidator.getInstance().validate(identityLink);
-		// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
-		Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
-				.build(identityLink, config
-						.getMoaSpIdentityLinkTrustProfileID());
-
-		// invokes the call
-		Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
-				.verifyXMLSignature(domVerifyXMLSignatureRequest);
-		// parses the <VerifyXMLSignatureResponse>
-		try {
-			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
-					domVerifyXMLSignatureResponse).parseData();
-		
-			DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters();
-			oaParam.setBusinessService(true);
-			
-			VerifyXMLSignatureResponseValidator.getInstance().validate(
-					verifyXMLSignatureResponse,
-					config.getIdentityLinkX509SubjectNames(),
-					VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
-					oaParam);
-			
-		} catch (ValidateException e) {
-			//check if default Monitoring IDL is used then error is ignored
-			if ("validator.07".equals(e.getMessageId()) 
-					&& e.getMessage().contains("Das Zertifikat der Personenbindung ist"))
-				return null;
-			
-			else
-				throw e;
-			
-		}
-		
-		Logger.trace("Finished MOA-ID IdentityLink Test without errors");
-		
-		return null;
-	}
-
-	public String getName() {
-		return "IdentityLinkTest";
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
deleted file mode 100644
index 84581abe8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.monitoring;
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
-
-public class TestManager {
-
-	private static TestManager instance;
-	
-	private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>();
-	
-	public static TestManager getInstance() throws ConfigurationException {
-		if (instance == null)
-			instance = new TestManager();
-		
-		return instance;
-	}
-	
-	private TestManager() throws ConfigurationException {
-		
-		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
-		
-		//add Database test
-		DatabaseTestModule test1 = new DatabaseTestModule();
-		tests.put(test1.getName(), test1);
-		
-		//add IdentityLink verification test
-		IdentityLinkTestModule test2 = new IdentityLinkTestModule();
-		String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
-		try {
-			test2.initializeTest(0, idlurl);
-			tests.put(test2.getName(), test2);;
-			
-		} catch (Exception e) {
-			Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
-		}
-	}
-	
-	public List<String> executeTests() {
-		Logger.debug("Start MOA-ID-Auth testing");
-
-		
-		List<String> errors;
-		
-		for (TestModuleInterface test : tests.values()) {
-			try {
-				errors = test.performTests();
-				if (errors != null && errors.size() > 0)
-					return errors;
-				
-			} catch (Exception e) {
-				Logger.warn("General Testing Eception during Test " + test.getClass() + ": ", e);
-				return Arrays.asList(e.getMessage());
-			}
-		}
-		
-		return null;	
-	}
-	
-	public List<String> executeTest(String testname) {
-		
-		TestModuleInterface test = tests.get(testname);
-		
-		if (test != null) {
-			try {
-				return test.performTests();
-				
-			} catch (Exception e) {
-				Logger.warn("General Testing Eception during Test " + test.getName() + ": ", e);
-				return Arrays.asList(e.getMessage());
-			}
-			
-		} else {
-			Logger.info("TestModule with Name " + testname + " is not implemented");
-			return null;
-		}
-	}
-	
-	public boolean existsModule(String modulename) {
-		return tests.containsKey(modulename);
-	}
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
deleted file mode 100644
index 4e26b1ce8..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.monitoring;
-
-import java.util.List;
-
-public interface TestModuleInterface {
-
-	public List<String> performTests() throws Exception;
-	
-	public void initializeTest(long delayParam, String url) throws Exception; 
-	
-	public String getName();
-}
diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml
new file mode 100644
index 000000000..60ab6b6c0
--- /dev/null
+++ b/id/server/modules/module-monitoring/pom.xml
@@ -0,0 +1,22 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<parent>
+		<groupId>MOA.id.server.modules</groupId>
+		<artifactId>moa-id-modules</artifactId>
+		<version>${moa-id-version}</version>
+	</parent>
+
+	<groupId>MOA.id.server.modules</groupId>
+	<artifactId>moa-id-module-monitoring</artifactId>
+	<version>${moa-id-version}</version>
+	<packaging>jar</packaging>
+
+	<name>MOA ID-Module Monitoring</name>
+
+	<properties>
+		<repositoryPath>${basedir}/../../../../repository</repositoryPath>
+	</properties>
+	
+</project>
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
new file mode 100644
index 000000000..1c1cbb723
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -0,0 +1,132 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.monitoring.TestManager;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+@WebServlet(name = "MonitoringServlet", value = "/MonitoringServlet")
+public class MonitoringServlet extends AuthServlet {
+
+	private static final long serialVersionUID = 1L;
+	private static final String REQUEST_ATTR_MODULE = "module";
+	
+	  public MonitoringServlet() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/MonitoringServlet'.");
+	}
+
+	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+			    throws ServletException, IOException {
+		  
+		  try {
+			AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+			
+			if (config.isMonitoringActive()) {
+				Logger.debug("Monitoring Servlet received request");
+
+				TestManager tests = TestManager.getInstance();
+				
+				String modulename = req.getParameter(REQUEST_ATTR_MODULE);
+				if (MiscUtil.isEmpty(modulename)) {
+				
+					List<String> error = tests.executeTests();
+					if (error != null && error.size() > 0) {
+						createErrorMessage(req, resp, error);
+						
+					} else {
+						resp.setStatus(HttpServletResponse.SC_OK);
+						resp.setContentType("text/html;charset=UTF-8");
+						resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
+						Logger.info("Monitoring Servlet finished without errors");
+					}
+					
+				} else {
+					if (tests.existsModule(modulename)) {
+						List<String> errors = tests.executeTest(modulename);
+						if (errors != null && errors.size() > 0) {
+							createErrorMessage(req, resp, errors);
+							
+						} else {
+							resp.setStatus(HttpServletResponse.SC_OK);
+							resp.setContentType("text/html;charset=UTF-8");
+							resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
+							Logger.info("Monitoring Servlet finished without errors");
+						}
+						
+					} else {
+						Logger.warn("NO Testmodule exists with modulename " + modulename);
+						resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+						resp.setContentType("text/html;charset=UTF-8");
+						PrintWriter out;
+						try {
+							out = new PrintWriter(resp.getOutputStream());
+							out.write("NO Testmodule exists with modulename " + modulename);
+							out.flush();
+							    
+						} catch (IOException e) {
+							Logger.warn("Internal Monitoring Servlet Error. ", e);
+						} 
+					}
+					
+				}	
+			}
+			  
+		} catch (ConfigurationException e) {
+			createErrorMessage(req, resp, Arrays.asList(e.getMessage()));
+		}
+	  }
+	  
+	  private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List<String> errorMessage) {
+		  Logger.warn("Monitoring Servlet found some Error: " + errorMessage);
+		  resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+		  resp.setContentType("text/html;charset=UTF-8");
+		  PrintWriter out;
+		  try {
+			  out = new PrintWriter(resp.getOutputStream());
+			  for (String error : errorMessage)
+				  out.write(error + "<br>");
+			  out.flush();
+			  
+		  } catch (IOException e) {
+			  Logger.warn("Internal Monitoring Servlet Error. ", e);
+		  } 
+	  }
+	  
+	private String getHtml(String text) {
+		return "<html><head><title>Reponse</title></head><body>" + text +"</body></html>";
+	}
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
new file mode 100644
index 000000000..a08ef5f0c
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.hibernate.Query;
+import org.hibernate.Session;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class DatabaseTestModule implements TestModuleInterface{
+
+	public List<String> performTests() throws Exception {
+		Logger.trace("Start MOA-ID Database Test.");
+		
+		List<String> errors = new ArrayList<String>();
+		
+		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+		
+		String error = testMOAConfigurationDatabase();
+		if (MiscUtil.isNotEmpty(error))
+			errors.add(error);
+		
+		error = testMOASessionDatabase();
+		if (MiscUtil.isNotEmpty(error))
+			errors.add(error);
+		
+		if (config.isAdvancedLoggingActive()) {
+			error = testMOAAdvancedLoggingDatabase();
+			if (MiscUtil.isNotEmpty(error))
+				errors.add(error);
+		}
+		
+		return errors;
+	}
+
+	
+	private String testMOASessionDatabase() throws Exception{
+		Logger.trace("Start Test: MOASessionDatabase");
+		
+		Date expioredate = new Date(new Date().getTime() - 120);
+ 
+		try {
+			List<AssertionStore> results;
+			Session session = MOASessionDBUtils.getCurrentSession();
+			
+			synchronized (session) {			
+				session.beginTransaction();
+				Query query = session.getNamedQuery("getAssertionWithTimeOut");
+				query.setTimestamp("timeout", expioredate);		
+				results = query.list();
+				session.getTransaction().commit();
+			}
+			
+			Logger.trace("Finish Test: MOASessionDatabase");
+			return null;
+			
+		} catch (Throwable e) {
+			Logger.warn("Failed Test: MOASessionDatabase", e);
+			return "MOASessionDatabase: " + e.getMessage();
+		}
+	}
+	
+	private String testMOAConfigurationDatabase() throws Exception{
+		
+		MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();	
+		ConfigurationDBUtils.closeSession();
+		
+		if (moaidconfig == null)
+			return ("MOA-ID 2.x configuration can not be loaded from Database.");
+		
+		return null;
+	}
+	
+	private String testMOAAdvancedLoggingDatabase() {
+		
+		Date expioredate = new Date(new Date().getTime() - 120);
+		try {
+			Session session = StatisticLogDBUtils.getCurrentSession();
+		
+			List<StatisticLog> results;
+		
+			synchronized (session) {			
+				session.beginTransaction();
+				Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp");
+				query.setTimestamp("timeout", expioredate);		
+				results = query.list();
+				session.getTransaction().commit();
+			}
+		
+			Logger.trace("Finish Test: AdvancedLoggingDataBase");
+			return null;
+			
+		} catch (Throwable e) {
+			Logger.warn("Failed Test: AdvancedLoggingDataBase", e);
+			return "AdvancedLoggingDataBase: " + e.getMessage();
+		}
+	}
+
+
+	public String getName() {
+		return "DatabaseTest";
+	}
+
+
+	public void initializeTest(long delayParam, String url) throws Exception {
+		// TODO Auto-generated method stub
+		
+	}
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
new file mode 100644
index 000000000..b5220914c
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -0,0 +1,109 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+
+import java.io.InputStream;
+import java.net.URL;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class IdentityLinkTestModule implements TestModuleInterface {
+
+	private static IdentityLink identityLink = null;
+	
+	public void initializeTest(long delayParam, String url) throws Exception{
+		
+		if (MiscUtil.isNotEmpty(url)) {
+			
+		  	URL keystoreURL = new URL(url);					
+			InputStream idlstream = keystoreURL.openStream();
+			identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
+		}
+		
+	}
+	
+	public List<String> performTests()  throws Exception{
+		Logger.trace("Start MOA-ID IdentityLink Test");
+		
+		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+		
+		IdentityLinkValidator.getInstance().validate(identityLink);
+		// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+		Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+				.build(identityLink, config
+						.getMoaSpIdentityLinkTrustProfileID());
+
+		// invokes the call
+		Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+				.verifyXMLSignature(domVerifyXMLSignatureRequest);
+		// parses the <VerifyXMLSignatureResponse>
+		try {
+			VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+					domVerifyXMLSignatureResponse).parseData();
+		
+			DynamicOAAuthParameters oaParam = new DynamicOAAuthParameters();
+			oaParam.setBusinessService(true);
+			
+			VerifyXMLSignatureResponseValidator.getInstance().validate(
+					verifyXMLSignatureResponse,
+					config.getIdentityLinkX509SubjectNames(),
+					VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+					oaParam);
+			
+		} catch (ValidateException e) {
+			//check if default Monitoring IDL is used then error is ignored
+			if ("validator.07".equals(e.getMessageId()) 
+					&& e.getMessage().contains("Das Zertifikat der Personenbindung ist"))
+				return null;
+			
+			else
+				throw e;
+			
+		}
+		
+		Logger.trace("Finished MOA-ID IdentityLink Test without errors");
+		
+		return null;
+	}
+
+	public String getName() {
+		return "IdentityLinkTest";
+	}
+
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
new file mode 100644
index 000000000..84581abe8
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -0,0 +1,111 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+public class TestManager {
+
+	private static TestManager instance;
+	
+	private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>();
+	
+	public static TestManager getInstance() throws ConfigurationException {
+		if (instance == null)
+			instance = new TestManager();
+		
+		return instance;
+	}
+	
+	private TestManager() throws ConfigurationException {
+		
+		AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+		
+		//add Database test
+		DatabaseTestModule test1 = new DatabaseTestModule();
+		tests.put(test1.getName(), test1);
+		
+		//add IdentityLink verification test
+		IdentityLinkTestModule test2 = new IdentityLinkTestModule();
+		String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir());
+		try {
+			test2.initializeTest(0, idlurl);
+			tests.put(test2.getName(), test2);;
+			
+		} catch (Exception e) {
+			Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
+		}
+	}
+	
+	public List<String> executeTests() {
+		Logger.debug("Start MOA-ID-Auth testing");
+
+		
+		List<String> errors;
+		
+		for (TestModuleInterface test : tests.values()) {
+			try {
+				errors = test.performTests();
+				if (errors != null && errors.size() > 0)
+					return errors;
+				
+			} catch (Exception e) {
+				Logger.warn("General Testing Eception during Test " + test.getClass() + ": ", e);
+				return Arrays.asList(e.getMessage());
+			}
+		}
+		
+		return null;	
+	}
+	
+	public List<String> executeTest(String testname) {
+		
+		TestModuleInterface test = tests.get(testname);
+		
+		if (test != null) {
+			try {
+				return test.performTests();
+				
+			} catch (Exception e) {
+				Logger.warn("General Testing Eception during Test " + test.getName() + ": ", e);
+				return Arrays.asList(e.getMessage());
+			}
+			
+		} else {
+			Logger.info("TestModule with Name " + testname + " is not implemented");
+			return null;
+		}
+	}
+	
+	public boolean existsModule(String modulename) {
+		return tests.containsKey(modulename);
+	}
+}
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
new file mode 100644
index 000000000..4e26b1ce8
--- /dev/null
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
@@ -0,0 +1,34 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+
+import java.util.List;
+
+public interface TestModuleInterface {
+
+	public List<String> performTests() throws Exception;
+	
+	public void initializeTest(long delayParam, String url) throws Exception; 
+	
+	public String getName();
+}
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 64b1b57b4..e9234a62f 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -21,6 +21,7 @@
 	
 	<modules>
 		<module>module-stork</module>
+		<module>module-monitoring</module>
 	</modules>
 	
 	<dependencies>
diff --git a/pom.xml b/pom.xml
index 95a3f1155..8bcbe8154 100644
--- a/pom.xml
+++ b/pom.xml
@@ -329,6 +329,11 @@
 				<artifactId>moa-id-module-stork</artifactId>
 				<version>${moa-id-version}</version>
 			</dependency>            
+			<dependency>
+				<groupId>MOA.id.server.modules</groupId>
+				<artifactId>moa-id-module-monitoring</artifactId>
+				<version>${moa-id-version}</version>
+			</dependency>            
             <dependency>
                 <groupId>MOA.spss.server</groupId>
                 <artifactId>moa-spss-lib</artifactId>
-- 
cgit v1.2.3


From b864faef2864cc28df98d778e2221bf2cf911954 Mon Sep 17 00:00:00 2001
From: Thomas Knall <t.knall@datentechnik-innovation.com>
Date: Thu, 5 Feb 2015 16:56:04 +0100
Subject: Perform some cleanup tasks

- Rename AbstractSpringWebSupportedTask to MoaIdTask.
- Remove some unnecessary code.
---
 .../src/main/webapp/WEB-INF/applicationContext.xml |  2 +-
 .../id/auth/modules/AbstractAuthServletTask.java   |  4 +-
 .../egovernment/moa/id/process/ProcessEngine.java  |  1 -
 .../moa/id/process/ProcessEngineImpl.java          | 12 +---
 .../id/process/dao/ProcessInstanceStoreDAO.java    |  2 -
 .../springweb/AbstractSpringWebSupportedTask.java  | 73 ----------------------
 .../moa/id/process/springweb/MoaIdTask.java        | 73 ++++++++++++++++++++++
 7 files changed, 78 insertions(+), 89 deletions(-)
 delete mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
index fabe6cd9c..a3f834457 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/applicationContext.xml
@@ -9,7 +9,7 @@
 
 	<bean id="processEngine" class="at.gv.egovernment.moa.id.process.ProcessEngineImpl">
 		<property name="transitionConditionExpressionEvaluator">
-			<bean class="at.gv.egovernment.moa.id.process.spring.SpringExpressionEvaluator" />
+			<bean class="at.gv.egovernment.moa.id.process.springweb.SpringWebExpressionEvaluator" />
 		</property>
 	</bean>
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 3b20e85d7..67ddd170a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.process.springweb.AbstractSpringWebSupportedTask;
+import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
 import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
 import at.gv.egovernment.moa.id.storage.IExceptionStore;
 import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -43,7 +43,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * Task based counterpart to {@link AuthServlet}, providing the same utility methods (error handling, parameter parsing
  * etc.).</p> The code has been taken from {@link AuthServlet}.
  */
-public abstract class AbstractAuthServletTask extends AbstractSpringWebSupportedTask {
+public abstract class AbstractAuthServletTask extends MoaIdTask {
 
 	protected static final String ERROR_CODE_PARAM = "errorid";
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
index ff6ec969e..032cb6369 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngine.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.process;
 
 
 import java.io.InputStream;
-import java.io.Serializable;
 
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.model.ProcessDefinition;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 650bae44e..0ffa22ec3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -115,13 +115,10 @@ public class ProcessEngineImpl implements ProcessEngine {
 	@Override
 	public void start(String processInstanceId) throws ProcessExecutionException {
 
-		boolean mdcEntryAdded = false;
-
 		try {
 			ProcessInstance pi = loadProcessInstance(processInstanceId);
 
 			MDC.put(MDC_CTX_PI_NAME, pi.getId());
-			mdcEntryAdded = true;
 
 			if (!ProcessInstanceState.NOT_STARTED.equals(pi.getState())) {
 				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has already been started (current state is " + pi.getState() + ").");
@@ -136,21 +133,17 @@ public class ProcessEngineImpl implements ProcessEngine {
 			throw new ProcessExecutionException("Unable to load/save process instance.", e);
 
 		} finally {
-			if (mdcEntryAdded)
-				MDC.remove(MDC_CTX_PI_NAME);
+			MDC.remove(MDC_CTX_PI_NAME);
 		}
 	}
 	
 	@Override
 	public void signal(String processInstanceId) throws ProcessExecutionException {
 
-		boolean mdcEntryAdded = false;
-
 		try {
 			ProcessInstance pi = loadProcessInstance(processInstanceId);
 
 			MDC.put(MDC_CTX_PI_NAME, pi.getId());
-			mdcEntryAdded = true;
 
 			if (!ProcessInstanceState.SUSPENDED.equals(pi.getState())) {
 				throw new ProcessExecutionException("Process instance '" + pi.getId() + "' has not been suspended (current state is " + pi.getState() + ").");
@@ -165,8 +158,7 @@ public class ProcessEngineImpl implements ProcessEngine {
 			throw new ProcessExecutionException("Unable to load/save process instance.", e);
 
 		} finally {
-			if (mdcEntryAdded)
-				MDC.remove(MDC_CTX_PI_NAME);
+			MDC.remove(MDC_CTX_PI_NAME);
 		}
 	}
 	
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
index 6f8a8c66c..92ffe11db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/dao/ProcessInstanceStoreDAO.java
@@ -1,7 +1,5 @@
 package at.gv.egovernment.moa.id.process.dao;
 
-import java.util.List;
-
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.process.ProcessInstance;
 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
deleted file mode 100644
index c9262cea9..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/AbstractSpringWebSupportedTask.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package at.gv.egovernment.moa.id.process.springweb;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.web.context.request.RequestAttributes;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-import org.springframework.web.filter.RequestContextFilter;
-
-import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.process.api.Task;
-
-/**
- * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}.
- * <p/>
- * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set
- * within {@code web.xml}.
- * 
- * <pre>
- * ...
- * &lt;filter&gt;
- *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
- *   &lt;filter-class&gt;org.springframework.web.filter.RequestContextFilter&lt;/filter-class&gt;
- * &lt;/filter&gt;
- * &lt;filter-mapping&gt;
- *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
- *   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
- * &lt;/filter-mapping&gt;
- * ...
- * </pre>
- * 
- * @author tknall
- * 
- */
-public abstract class AbstractSpringWebSupportedTask implements Task {
-
-	/**
-	 * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the
-	 * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
-	 * 
-	 * @param executionContext
-	 *            The execution context (never {@code null}).
-	 * @param request
-	 *            The HttpServletRequest (never {@code null}).
-	 * @param response
-	 *            The HttpServletResponse (never {@code null}).
-	 * @throws IllegalStateException
-	 *             Thrown in case the task is nur being run within the required environment. Refer to javadoc for
-	 *             further information.
-	 * @throws Exception
-	 *             Thrown in case of error executing the task.
-	 */
-	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
-			HttpServletResponse response) throws Exception;
-
-	@Override
-	public void execute(ExecutionContext executionContext) throws Exception {
-		RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
-		if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
-			HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
-			HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse();
-			if (request == null || response == null) {
-				throw new IllegalStateException(
-						"Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml.");
-			}
-			execute(executionContext, request, response);
-		} else {
-			throw new IllegalStateException("Task needs to be executed within a Spring web environment.");
-		}
-	}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
new file mode 100644
index 000000000..bae6391ec
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.process.springweb;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.springframework.web.filter.RequestContextFilter;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.id.process.api.Task;
+
+/**
+ * Abstract task implementation providing {@link HttpServletRequest} and {@link HttpServletResponse}.
+ * <p/>
+ * Note that this abstract task requires the Spring (web) framework including a {@link RequestContextFilter} to be set
+ * within {@code web.xml}.
+ * 
+ * <pre>
+ * ...
+ * &lt;filter&gt;
+ *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
+ *   &lt;filter-class&gt;org.springframework.web.filter.RequestContextFilter&lt;/filter-class&gt;
+ * &lt;/filter&gt;
+ * &lt;filter-mapping&gt;
+ *   &lt;filter-name&gt;requestContextFilter&lt;/filter-name&gt;
+ *   &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+ * &lt;/filter-mapping&gt;
+ * ...
+ * </pre>
+ * 
+ * @author tknall
+ * 
+ */
+public abstract class MoaIdTask implements Task {
+
+	/**
+	 * Executes the task providing the underlying {@link ExecutionContext} {@code executionContext} as well as the
+	 * respective {@link HttpServletRequest} and {@link HttpServletResponse}.
+	 * 
+	 * @param executionContext
+	 *            The execution context (never {@code null}).
+	 * @param request
+	 *            The HttpServletRequest (never {@code null}).
+	 * @param response
+	 *            The HttpServletResponse (never {@code null}).
+	 * @throws IllegalStateException
+	 *             Thrown in case the task is nur being run within the required environment. Refer to javadoc for
+	 *             further information.
+	 * @throws Exception
+	 *             Thrown in case of error executing the task.
+	 */
+	public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
+			HttpServletResponse response) throws Exception;
+
+	@Override
+	public void execute(ExecutionContext executionContext) throws Exception {
+		RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
+		if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
+			HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
+			HttpServletResponse response = ((ServletRequestAttributes) requestAttributes).getResponse();
+			if (request == null || response == null) {
+				throw new IllegalStateException(
+						"Spring's RequestContextHolder did not provide HttpServletResponse. Did you forget to set the required org.springframework.web.filter.RequestContextFilter in your web.xml.");
+			}
+			execute(executionContext, request, response);
+		} else {
+			throw new IllegalStateException("Task needs to be executed within a Spring web environment.");
+		}
+	}
+
+}
-- 
cgit v1.2.3


From 426aa9b3dc4205e4c2d82924dba5a2473b48358a Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 26 Feb 2015 12:46:17 +0100
Subject: change Version to 2.2.0

---
 id/server/auth/src/main/webapp/index.html |  2 +-
 pom.xml                                   | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 381d8d82d..982c850a8 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -2,7 +2,7 @@
 <html>
     <head>
         <meta http-equiv="content-type" content="text/html; charset=utf8" >
-        <title>MOA-ID 2.1.x</title>
+        <title>MOA-ID 2.2.x</title>
         <link rel="stylesheet" href="./common/main.css" type="text/css">
         <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
         <link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
diff --git a/pom.xml b/pom.xml
index bee32cd20..3eb2ae869 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,12 +21,12 @@
 		<moa-commons-version>2.0.1</moa-commons-version>
 		-->
 		
-		<moa-commons-version>2.0.2-SNAPSHOT</moa-commons-version>
-		<moa-id-version>2.2.0-SNAPSHOT</moa-id-version>
+		<moa-commons-version>2.0.2</moa-commons-version>
+		<moa-id-version>2.2.0</moa-id-version>
 		<moa-id-proxy-version>2.0.1-SNAPSHOT</moa-id-proxy-version>
-		<moa-spss-version>2.0.4-SNAPSHOT</moa-spss-version>
-		<configtool-version>1.1.5-SNAPSHOT</configtool-version>
-		<demo-oa-version>2.0.3-SNAPSHOT</demo-oa-version>
+		<moa-spss-version>2.0.4</moa-spss-version>
+		<configtool-version>1.1.5</configtool-version>
+		<demo-oa-version>2.0.3</demo-oa-version>
 		
 		<org.springframework.version>4.1.5.RELEASE</org.springframework.version>
 		<surefire.version>2.18.1</surefire.version>
@@ -196,7 +196,7 @@
             </plugin>
             
             		            <!-- Vulnerability checks -->
-             <plugin>
+<!--              <plugin>
               <groupId>org.owasp</groupId>
               <artifactId>dependency-check-maven</artifactId>
               <version>1.2.5</version>
@@ -208,7 +208,7 @@
                     </goals>
                   </execution>
               </executions>
-            </plugin>
+            </plugin> -->
             
         </plugins>
         
-- 
cgit v1.2.3


From 4df561f9f19966c92cd658efa0cd3942a0a091d4 Mon Sep 17 00:00:00 2001
From: Florian Reimair <florian.reimair@iaik.tugraz.at>
Date: Tue, 5 May 2015 16:10:56 +0200
Subject: moved consent request before attributes are being collected

---
 .../auth/src/main/webapp/WEB-INF/urlrewrite.xml    |  2 +-
 .../id/protocols/stork2/AttributeCollector.java    | 12 ++-----
 .../id/protocols/stork2/AuthenticationRequest.java |  7 +++-
 .../moa/id/protocols/stork2/ConsentEvaluator.java  | 42 ++++++++++++++--------
 4 files changed, 38 insertions(+), 25 deletions(-)

(limited to 'id/server/auth/src')

diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 54debca81..8f01ca22b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -74,7 +74,7 @@
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
     </rule>
     <rule match-type="regex">
-        <from>^/stork2/CompleteAuthentication$</from>
+        <from>^/stork2/GetConsent$</from>
         <to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
     </rule>
     <rule match-type="regex">
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1e6cf6910..704f8b8a9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -186,7 +182,8 @@ public class AttributeCollector implements IAction {
         List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
         for (PersonalAttribute current : requestAttributeList)
             if (!responseAttributeList.containsKey(current.getName()))
-                missingAttributes.add(current);
+                if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value())))
+                    missingAttributes.add(current);
 
         Logger.info("collecting attributes...");
 		Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -253,10 +250,7 @@ public class AttributeCollector implements IAction {
             Logger.info("collecting attributes done");
             
             // ask for consent if necessary
-            if(oaParam.isRequireConsentForStorkAttributes())
-            	new ConsentEvaluator().requestConsent(container, response, oaParam);
-            else
-            	new ConsentEvaluator().generateSTORKResponse(response, container);
+            new ConsentEvaluator().generateSTORKResponse(response, container);
 
             return null; // AssertionId
                             // TODO
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 859f4900b..e0c4b3d16 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
 
             Logger.debug("Data container prepared");
 
-            return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            if(oaParam.isRequireConsentForStorkAttributes())
+                new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+            else
+                new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+            return null;
         }
 //        // check if we are getting request for citizen of some other country
 //        else if (req instanceof MOASTORKRequest) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2c5728798..51e731e8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
 package at.gv.egovernment.moa.id.protocols.stork2;
 
 import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
 import java.util.ArrayList;
 import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.data.IAuthData;
 import at.gv.egovernment.moa.id.data.SLOInformationInterface;
 import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
 import at.gv.egovernment.moa.logging.Logger;
 import eu.stork.peps.auth.commons.PEPSUtil;
 import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
 import eu.stork.peps.auth.engine.STORKSAMLEngine;
 import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
 import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 
 import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
 		DataContainer container;
 		try {
 			container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+			req = container.getRequest();
 		} catch (MOADatabaseException e) {
 			Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
 			throw new MOAIDException("stork.17", null);
 		}
 
 		// evaluate response
-		for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+		for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
 			if(null == httpReq.getParameter(current.getName())) {
-				current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+				current.setStatus(AttributeStatusType.WITHHELD.value());
 				current.setValue(new ArrayList<String>());
 				current.setComplexValue(new HashMap<String, String>());
 			}
 		}
 
-        // build and send response
-        generateSTORKResponse(httpResp, container);
-        
+        //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+		if (oaParam == null)
+			throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+		new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
         return null; // AssertionId
     }
 
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
 	 * Fills the given HttpResponse with the required web page.
 	 *
 	 * @param container the container
+	 * @param authData 
 	 * @param response the response
 	 * @param oaParam the oa param
 	 * @return the string
 	 * @throws MOAIDException the mOAID exception
 	 */
-	public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+	public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+		//check if we need to collect consent
+        if(!oaParam.isRequireConsentForStorkAttributes()) {
+            (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+            return "";
+        }
+
 		// prepare redirect
 		String newArtifactId;
 		try {
@@ -130,13 +145,12 @@ public class ConsentEvaluator implements IAction {
 			Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
 			VelocityContext context = new VelocityContext();
 
-			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+			context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
 
 			// assemble table
 			String table = "";
-			for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
-				if ("Available".equals(current.getStatus()))
-					table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+			for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+				table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
 
 			context.put("tablecontent", table);
 
-- 
cgit v1.2.3